CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
OpenJDK is vulnerable to a sandbox restrictions bypass. An improper permission check issue was discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html
blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/
icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.4/NEWS
immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html
krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html
malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
rhn.redhat.com/errata/RHSA-2013-0156.html
rhn.redhat.com/errata/RHSA-2013-0165.html
seclists.org/bugtraq/2013/Jan/48
www.kb.cert.org/vuls/id/625617
www.mandriva.com/security/advisories?name=MDVSA-2013:095
www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
www.ubuntu.com/usn/USN-1693-1
www.us-cert.gov/cas/techalerts/TA13-010A.html
access.redhat.com/security/updates/classification/#important
partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf
threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018
www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us