Freely subscribe to our NEWSLETTER

With Java being installed on many computers, this flaw will undoubtedly catch the eye of cyber criminals, who will be quick to find a way to exploit this vulnerability. As this leak can be exploited in most popular browsers, and is not slowed down by the security features of Windows Vista and Windows 7, this could bring serious damage to a large number of computers.

Protect yourself against this

Disabling Java-script does not protect against exploits of this vulnerability. Because it is not yet clear when this leak will be patched by Sun, users need to manually change their settings. For the two most popular browsers there are details below of how to rectify this problem:

– For Microsoft Internet Explorer, it is necessary to set a killbit
for the ActiveX class ID CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA. The manual
on how to do this can be found through the following link:
http://support.microsoft.com/kb/240797.

– For Mozilla Firefox, you need to go to the ‘Extra’ menu and click on
‘Add-Ons’. Under the header ‘Plugins’, you will find the Java Deployment Toolkit, that can be disabled by clicking ‘Deactivate’.

Background

Security researcher Tavis Ormandy released the information about this vulnerability on seclist.org. The vulnerability originates in the browser plug-in Java Deployment Toolkit, which is installed automatically alongside Java Runtime Environment since version 6 update 10 into browsers like Microsoft Internet Explorer, Mozilla Firefox or Google Chrome. The method launch in the toolkit enables an attacker to execute Java’s Web Start Launcher with arbitrary parameters. Ormandy provided a proof-of-concept web page that starts the calculator in Microsoft Windows products.
Only a few hours later, researcher Rubén Santamarta released information on how to load an arbitrary remote DLL. According to Santamarta he was able to bypass security measures DEP and ASLR given that the DLL is directly loaded into the process memory of Web Start Launcher.