Endpoint Vulnerability

Security Vulnerability CVE-2014-6468 in Oracle JRE

Description

The supported version that is affected is Java SE 8u20. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client and server deployment of Java. This vulnerability requires local access to the victim environment in order to plant the affected jar file. Once the affected jar file was planted, this vulnerability can be triggered through sandboxed Java Web Start applications, sandboxed Java applets, and launching the affected application locally. It can also be triggered by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

Affected Products

Java JRE

References

CVE-2014-6468,