CVE-2016-0603

Name of the Vulnerable Software and Affected Versions Java SE versions 6u111, 7u95, 8u71, and 8u72

Description The issue allows remote attackers to affect confidentiality, integrity, and availability. It is related to the installation process and may involve an untrusted search path that allows local users to gain privileges via a Trojan horse dll in the application directory. The vulnerability can also be exploited to download arbitrary files by sending a link to them during application installation.

Recommendations For Java SE versions 6u111, 7u95, 8u71, and 8u72, consider disabling the installation functionality related to the vulnerable component until a patch is available. Restrict access to the application directory to minimize the risk of exploitation. Avoid using the application directory for installing applications from untrusted sources until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.