CVE-2010-4450

Name of the Vulnerable Software and Affected Versions Java Runtime Environment (JRE) versions 6 Update 23 and earlier for Solaris and Linux Java Runtime Environment (JRE) versions 5.0 Update 27 and earlier for Solaris and Linux Java Runtime Environment (JRE) versions 1.4.2 29 and earlier for Solaris and Linux

Description The issue affects confidentiality, integrity, and availability of local standalone applications via unknown vectors related to Launcher. It is claimed by a downstream vendor to be an untrusted search path vulnerability involving an empty LD LIBRARY PATH environment variable, although Oracle has not commented on this.

Recommendations For Java Runtime Environment (JRE) versions 6 Update 23 and earlier, update to a version later than Update 23. For Java Runtime Environment (JRE) versions 5.0 Update 27 and earlier, update to a version later than Update 27. For Java Runtime Environment (JRE) versions 1.4.2 29 and earlier, update to a version later than 1.4.2 29. As a temporary workaround, consider restricting the use of the Launcher component in local standalone applications until a patch is available.