DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
November 14, 2018 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 137 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

Java flaw shows danger of storing old installers in your download folder

Posted on Tuesday, February 09 2016 @ 13:14:42 CET by


Oracle issued a warning to urge people to delete all Java installers lumbering around in the download folder of your browser, as older versions of the Java installer are vulnerable to an attack technique called binary planting.

The company says Java installers with version numbers below 6u113, 7u97, 8u73 are vulnerable to the attack. The flaw is quite complex to exploit though, it requires the planting of malicious DLLs into the browser's download folder, which will only be executed if the user executes one of the vulnerable install clients:
The reason is that older Java installers are designed to look for and automatically load a number of specifically named DLL (Dynamic Link Library) files from the current directory. In the case of Java installers downloaded from the Web, the current directory is typically the computer's default download folder.

If an attacker manages to place a specifically named malicious DLL into a computer's "Downloads" folder, that file will be executed when the user tries to install Java for the first time or when he manually updates an existing Java installation by downloading and running a new installer.

"Though considered relatively complex to exploit, this vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user’s system," said Eric Maurice, Oracle's software security assurance director, in a blog post.




 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba