MS-ISAC CYBERSECURITY ADVISORIES

MS-ISAC ADVISORY NUMBER:
2016-053

DATE(S) ISSUED:
03/24/2016

SUBJECT:
Vulnerability in Oracle Java SE Could Allow for Remote Code Execution

OVERVIEW:

A vulnerability in Oracle Java SE for desktop web browsers could allow for remote code execution. This vulnerability does not affect Java deployments, such as those in servers or standalone applications, that run only trusted code, nor does it affect Oracle server-based software. Successful exploitation of this vulnerability may allow for remote code execution in the context of the current application. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

THREAT INTELLIGENCE:

Technical details of the vulnerability have been publicly disclosed. There are no reports that this vulnerability is being used in the wild at this time.

SYSTEMS AFFECTED:

  • Oracle Java SE 7 Update 97
  • Oracle Java SE 8 Update 73 and 74
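
The following inventory check is an added example, not part of the advisory: it parses `java -version` banners and flags the builds listed above. The host names and banner text are constructed sample input, and the function names are hypothetical.

```python
import re

# Affected builds exactly as listed in this advisory: (major version, update).
AFFECTED = {(7, 97), (8, 73), (8, 74)}

# Legacy Java version string, e.g.  java version "1.8.0_74"
# group 1 = major version, group 2 = update number (absent on a GA build).
_VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?[^"]*"')


def parse_java_version(banner):
    """Return (major, update) parsed from `java -version` output, or None."""
    match = _VERSION_RE.search(banner)
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2) or 0)


def triage(inventory):
    """Map each host to 'AFFECTED', 'not listed' or 'unknown'."""
    result = {}
    for host, banner in inventory.items():
        parsed = parse_java_version(banner)
        if parsed is None:
            # No parseable banner: Java missing or output in another format.
            result[host] = "unknown"
        elif parsed in AFFECTED:
            result[host] = "AFFECTED"
        else:
            result[host] = "not listed"
    return result


# Constructed sample input: banners as collected from four workstations.
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.8.0_74"\nJava(TM) SE Runtime Environment (build 1.8.0_74-b02)',
    "ws-02": 'java version "1.7.0_97"\nJava(TM) SE Runtime Environment (build 1.7.0_97-b02)',
    "ws-03": 'java version "1.8.0_77"\nJava(TM) SE Runtime Environment (build 1.8.0_77-b03)',
    "ws-04": "bash: java: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

A "not listed" result means only that the build is absent from the list in this advisory. Hosts reported as "unknown" need a manual check.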

RISK:

Government:

  • Large and medium government entities: High
  • Small government entities: High

Businesses:

  • Large and medium business entities: High
  • Small business entities: High

Home users: High

TECHNICAL SUMMARY:

Oracle Java SE is affected by a remote code execution vulnerability due to a flaw in its "Hotspot" sub-component. This vulnerability can be exploited when a user running an unpatched version of Java SE visits a malicious web page.

Successful exploitation of this vulnerability may allow for remote code execution in the context of the current application. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

  • Multiple memory corruption issues could allow for execution of arbitrary code with kernel privileges (CVE-2016-1733, CVE-2016-1734, CVE-2016-1735, CVE-2016-1736, CVE-2016-1743, CVE-2016-1744, CVE-2016-1746, CVE-2016-1747, CVE-2016-1748, CVE-2016-1749, CVE-2016-1754, CVE-2016-1755, CVE-2016-1759, CVE-2016-1741, CVE-2016-1717, CVE-2016-1719, CVE-2016-1720, CVE-2016-1721, CVE-2016-1722)
  • An out-of-bounds read issue could allow an attacker to determine kernel memory layout (CVE-2016-1732, CVE-2016-1758)
  • Multiple vulnerabilities in processing various file types can lead to arbitrary code execution (CVE-2015-8126, CVE-2015-8472, CVE-2016-1737, CVE-2016-1740, CVE-2014-9495, CVE-2015-0973, CVE-2016-1767, CVE-2016-1768, CVE-2016-1769, CVE-2015-8126, CVE-2016-1775, CVE-2015-1819, CVE-2015-5312, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942, CVE-2015-8035, CVE-2015-8242, CVE-2016-1761, CVE-2016-1762, CVE-2015-7995, CVE-2016-1740)
  • A code signing verification issue could allow for execution of arbitrary code in the application's context (CVE-2016-1738)

Successful exploitation of these vulnerabilities could result in, but is not limited to, information disclosure, access to restricted ports on arbitrary servers, the ability for an attacker to determine kernel memory layout, or arbitrary code being run within the context of the user or kernel.

RECOMMENDATIONS:

We recommend the following actions be taken: