Reference: CERT-EU Security Advisory 2016-84

Short Summary
--------------
A user can be tricked into downloading files before installing Java 6, 7 or 8, resulting in a full compromise of the user's system. Exploitation can take place only during the installation process.

CVE reference: CVE-2016-0603
Affected platforms: JDK, JRE
Version: JDK - JRE 6 upd.111, JDK - JRE 7 upd.95, JDK - JRE 8 upd.71-72 (Windows versions)
Date: 2016 - February - 05
Security risk: High
Vulnerability: System compromise
Vendor Status: Notified / Patch available

Systems affected
-----------------
Any system that has a Java SE installer older than 6u113, 7u97 or 8u73 can be subject to this attack.

Impact
-------
In a worst-case scenario, the vulnerability could lead to a full compromise of the user's system.

Solutions
----------
A user who has downloaded any vulnerable version should discard it and download the most recent version of Java SE from the official Oracle website. All software updates must come only from the vendor's repositories.

Additional References
-----------------------
[1] CVE-2016-0603: http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html
[2] CVE-2016-0603: https://blogs.oracle.com/security/entry/security_alert_cve_2016_0603

CERT-EU (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
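
One way to carry out the check under "Solutions" is to look for previously downloaded installers older than 6u113, 7u97 or 8u73. This is an added example, not part of the CERT-EU advisory or Oracle's tooling. The installer file-name pattern (for example jre-8u71-windows-x64.exe) and the default Downloads location are assumptions; the thresholds are the ones stated in the advisory.

```python
import re
import sys
from pathlib import Path

# First fixed update per Java SE family, as stated in the advisory.
FIXED_UPDATE = {6: 113, 7: 97, 8: 73}

# Assumed installer naming (not given in the advisory), e.g.
# jre-8u71-windows-x64.exe or jdk-7u95-windows-i586.exe. The optional
# " (1)" suffix covers copies renamed by a browser on repeated download.
INSTALLER_RE = re.compile(
    r"^(?:jre|jdk)-(?P<family>\d+)u(?P<update>\d+)-windows-[\w.-]+"
    r"(?: \(\d+\))?\.exe$",
    re.IGNORECASE,
)


def classify(filename):
    """Return 'vulnerable', 'fixed', or None if not a recognised installer."""
    m = INSTALLER_RE.match(filename)
    if not m:
        return None
    family, update = int(m.group("family")), int(m.group("update"))
    fixed = FIXED_UPDATE.get(family)
    if fixed is None:
        return None  # Java family not covered by this advisory
    return "vulnerable" if update < fixed else "fixed"


def find_stale_installers(directory):
    """Return installer files under `directory` that predate the fixed updates."""
    return sorted(
        p for p in Path(directory).rglob("*")
        if p.is_file() and classify(p.name) == "vulnerable"
    )


if __name__ == "__main__":
    # Assumed default: the current user's Downloads folder.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.home() / "Downloads"
    for path in find_stale_installers(target):
        print(f"discard and re-download from the vendor: {path}")
```

Files that were renamed or that do not follow the assumed pattern are not detected, so the listing is a lower bound on what needs to be discarded.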