-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2012-0110

Title: UPDATED - Oracle Java Runtime Environment Remote Code Execution Vulnerability. Fix is available from Oracle [8]

Version history:
30.08.2012 Initial publication
31.08.2012 CVE-2012-3108 - Updates are marked with NEW !!

Summary
=======
Oracle Java Runtime Environment (JRE) is prone to a remote code execution vulnerability. [1]

NEW !! CIMBL-2012-023 makes reference to some of the domains hosting the exploit.

CVSS Base Score
CVSS v2 Base Score: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C) [2,4]

Affected Versions
=================
This vulnerability affects Oracle JRE 1.7.0 Update 6; prior versions may also be affected. 

Original Details
================
An attacker can exploit this issue to bypass Java sandbox restrictions and load additional classes to execute arbitrary code in the context of the application. [1]

By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system. [3]

The issue is being exploited in limited targeted attacks. 

The following exploits are available: 
  /data/vulnerabilities/exploits/55213.java
  /data/vulnerabilities/exploits/55213.rb 

What can you do?
================
NEW !! A patch is available from Oracle. Java SE fixes in this Security Alert are cumulative; this latest update includes all fixes from previous Critical Patch Updates and Security Alerts. [8]

Workaround:

Disable the Java Plug-in [7]

Disabling the Java web browser plug-in will prevent Java applets from running. Here are instructions for several common web browsers:

Mozilla Firefox: How to turn off Java applets [5]

Microsoft Internet Explorer: Change the value of the UseJava2IExplorer registry key to 0. Depending on the versions of Windows and the Java plug-in, the key can be found in these locations: [6]

       HKLM\Software\JavaSoft\Java Plug-in\{version}\UseJava2IExplorer

       HKLM\Software\Wow6432Node\JavaSoft\Java Plug-in\{version}\UseJava2IExplorer
   
The Java Control Panel (javacpl.exe) does not reliably configure the Java plug-in for Internet Explorer. Instead of editing the registry, it is possible to run javacpl.exe as Administrator, navigate to the Advanced tab, Default Java for browsers, and use the space bar to de-select the Microsoft Internet Explorer option.
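The following PowerShell script is an added example and is not part of the CERT-EU advisory or of any vendor guidance. It audits both registry locations named above (matching any {version} subkey with a wildcard), reports whether the Internet Explorer plug-in is still enabled, and can set UseJava2IExplorer to 0 from an elevated session. The function names Get-JavaIEPluginState and Disable-JavaIEPlugin are this example's own.

```powershell
# Added example (not from the advisory): audit and apply the UseJava2IExplorer = 0
# workaround on a Windows host. Assumes the two HKLM locations quoted in the advisory.

function Get-JavaIEPluginState {
    # Both locations named in the advisory; the {version} level is enumerated as subkeys.
    $roots = @(
        'HKLM:\SOFTWARE\JavaSoft\Java Plug-in',
        'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            # Returns $null when the value is absent; an absent value means the plug-in
            # is not explicitly disabled, so it is reported as enabled.
            $item = Get-ItemProperty -Path $key.PSPath -Name 'UseJava2IExplorer' -ErrorAction SilentlyContinue
            if ($null -eq $item) { $current = '<not set>' } else { $current = $item.UseJava2IExplorer }
            [pscustomobject]@{
                Path              = $key.PSPath
                Version           = $key.PSChildName
                UseJava2IExplorer = $current
                Enabled           = ($null -eq $item) -or ($item.UseJava2IExplorer -ne 0)
            }
        }
    }
}

function Disable-JavaIEPlugin {
    # Sets UseJava2IExplorer to 0 (REG_DWORD) under every {version} key where the
    # plug-in is still enabled. Requires an elevated (Administrator) session because
    # the keys live under HKLM; supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($entry in Get-JavaIEPluginState) {
        if (-not $entry.Enabled) { continue }
        if ($PSCmdlet.ShouldProcess($entry.Path, 'Set UseJava2IExplorer = 0')) {
            Set-ItemProperty -Path $entry.Path -Name 'UseJava2IExplorer' -Value 0 -Type DWord
        }
    }
}

# Audit first, then apply. Drop -WhatIf to actually write the registry values.
Get-JavaIEPluginState | Format-Table -AutoSize
Disable-JavaIEPlugin -WhatIf
```

Run the audit on a sample of hosts before and after applying the workaround: any row with Enabled = True after the change indicates a plug-in version the script did not reach (for example a per-user install or a key outside the two locations above), which should be checked by hand.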

What to tell your users
=======================
Normal security best practices apply. Especially, inform your Web users to be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Users should be aware not to click on links in suspicious emails, and should immediately forward the suspicious email to the respective IT security officer / contact in your institution.

More information
================
[1] http://www.securityfocus.com/bid/55213/discuss
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4681
[3] http://www.kb.cert.org/vuls/id/636312
[4] Information about CVSS: http://www.first.org/cvss/cvss-guide.html
[5] https://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets1
[6] http://www.kb.cert.org/vuls/id/636312
[7] http://www.auscert.org.au/render.html?it=16262
NEW !! [8] http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement:
http://cert.europa.eu/cert/plainedition/en/cert_privacy.html


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----