Oracle Java is a platform for developing and deploying Java applications. It includes the Java Development Kit (JDK) and the Java Runtime Environment (JRE). The JRE provides the minimum requirements for executing a Java application (e.g., an applet) and consists of the Java Virtual Machine (JVM), core classes and supporting files.
A vulnerability in the **java.sql.DriverManager** class allows arbitrary command execution outside the security sandbox due to an implicit call to the **toString()** function that is made within a doPrivileged block.
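The coding pattern behind this class of flaw, shown as an added example that is not the JDK's DriverManager source: string concatenation inside a privileged action implicitly invokes `toString()` on a caller-supplied object, while the hardened form converts the object before entering the block. The class and method names (`PrivilegedToStringDemo`, `CallerSupplied`, `logWeak`, `logHardened`) and the `IN_PRIVILEGED` marker are hypothetical; the marker only records where `toString()` ran.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// Added illustration with hypothetical classes; not the JDK's DriverManager code.
public class PrivilegedToStringDemo {
    // True while a privileged action is running, so the demo can see where toString() executed.
    static final ThreadLocal<Boolean> IN_PRIVILEGED = ThreadLocal.withInitial(() -> false);

    // Stands in for an object supplied by less-trusted code (constructed for the demo).
    static class CallerSupplied {
        boolean ranPrivileged;
        @Override public String toString() {
            ranPrivileged = IN_PRIVILEGED.get();   // harmless: only records the calling context
            return "CallerSupplied";
        }
    }

    // Weak: "..." + o implicitly calls o.toString() inside the privileged block.
    @SuppressWarnings("removal")
    static String logWeak(Object o) {
        return AccessController.doPrivileged((PrivilegedAction<String>) () -> {
            IN_PRIVILEGED.set(true);
            try { return "loaded: " + o; }
            finally { IN_PRIVILEGED.set(false); }
        });
    }

    // Hardened: convert with the caller's own privileges, pass only the String inside.
    @SuppressWarnings("removal")
    static String logHardened(Object o) {
        final String text = String.valueOf(o);   // caller-controlled code runs here, unprivileged
        return AccessController.doPrivileged((PrivilegedAction<String>) () -> {
            IN_PRIVILEGED.set(true);
            try { return "loaded: " + text; }
            finally { IN_PRIVILEGED.set(false); }
        });
    }

    public static void main(String[] args) {
        CallerSupplied a = new CallerSupplied();
        logWeak(a);
        System.out.println("weak: toString() ran inside doPrivileged = " + a.ranPrivileged);
        CallerSupplied b = new CallerSupplied();
        logHardened(b);
        System.out.println("hardened: toString() ran inside doPrivileged = " + b.ranPrivileged);
    }
}
```

When reviewing privileged blocks, treat string concatenation, logging calls and exception messages that take objects from outside the block as method invocations on those objects.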
Upgrade to the current version of Java SE.
Exploit works on JRE 7 Update 17 on Windows XP SP3 (DEP OptIn), Windows 7 SP1 (DEP OptIn), and Ubuntu 12.10, and requires the user to open the exploit page in Internet Explorer on Windows or Firefox on Linux.