PT-2013-1525 · Oracle · Java SE
Published: 2013-02-01 · Updated: 2022-05-13
CVE-2012-1541
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Oracle Java SE versions 6 through Update 38
Oracle Java SE versions 7 through Update 11
Description
The issue affects confidentiality, integrity, and availability via unknown vectors related to Deployment. It is reportedly different from other vulnerabilities listed in the February 2013 CPU. There are claims from a third party that the issue may be due to an interaction error between the JRE plug-in for WebKit-based browsers and the JavaScript engine, potentially allowing remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements.
Recommendations
For Oracle Java SE versions 6 through Update 38, update to a version later than Update 38 to resolve the issue.
For Oracle Java SE versions 7 through Update 11, update to a version later than Update 11 to resolve the issue.
As a temporary workaround, consider restricting the use of the JRE plug-in for WebKit-based browsers until a patch is available.
Affected Products
HP-UX
Java Platform
Java SE
Red Hat
SUSE