PT-2013-4093 · IBM · IBM Java

Adam Gowdiak · Published 2013-07-15 · Updated 2017-11-29 · CVE-2013-3009

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
IBM Java 1.4.2 before 1.4.2 SR13-FP18
IBM Java 5.0 before 5.0 SR16-FP3
IBM Java 6 before 6 SR14
IBM Java 6.0.1 before 6.0.1 SR6
IBM Java 7 before 7 SR5
Description
IBM Java's com.ibm.CORBA.iiop.ClientDelegate class calls the invoke method of java.lang.reflect.Method from inside an AccessController.doPrivileged block and exposes that call to untrusted code. A Java permission check walks the call stack only as far as the nearest doPrivileged frame, so a reflective call routed through this block is evaluated with the permissions of the trusted IBM class rather than those of the caller. Untrusted code running under the Java sandbox can therefore name any public method and have it invoked with full privileges; invoking System.setSecurityManager this way removes the security manager, which bypasses the sandbox entirely and lets a remote attacker run arbitrary code with the privileges of the user running the JVM.
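The vulnerable pattern and its fix, as an added illustration that is not IBM's code: a hypothetical trusted helper class, PrivilegedInvokeDemo, exposes Method.invoke from inside doPrivileged (the shape of the flaw described above), next to a hardened variant that pins the reflective call to the caller's AccessControlContext. The "sandbox" is simulated with an AccessControlContext whose single ProtectionDomain holds no permissions, and the demo's own code is granted every permission so that it plays the part of the trusted library. Class, method and policy names are assumptions; the program assumes a JDK with a working SecurityManager (JDK 8 to 17, or 18 to 23 started with -Djava.security.manager=allow).

```java
import java.lang.reflect.Method;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;

/**
 * Hypothetical stand-in for a trusted, fully privileged library class.
 * Illustrates the vulnerability class only; it is not IBM's ClientDelegate code.
 */
public class PrivilegedInvokeDemo {

    // VULNERABLE pattern: a public entry point that performs Method.invoke on a
    // caller-supplied Method inside doPrivileged. The permission check's stack walk
    // stops at the doPrivileged frame, so only this trusted class's protection domain
    // is consulted and the untrusted caller's restrictions are never seen. Any public
    // method the caller names is invoked with full privilege.
    public static Object invokePrivileged(Method m, Object target, Object[] args) throws Exception {
        return AccessController.doPrivileged(
                (PrivilegedExceptionAction<Object>) () -> m.invoke(target, args));
    }

    // HARDENED: capture the caller's AccessControlContext before elevating and hand it
    // to doPrivileged, so the reflective call runs with the intersection of this class's
    // permissions and the caller's. Privilege can no longer be laundered through it.
    // (Better still: do not expose an arbitrary-Method invoker from trusted code at all.)
    public static Object invokeAsCaller(Method m, Object target, Object[] args) throws Exception {
        AccessControlContext caller = AccessController.getContext();
        return AccessController.doPrivileged(
                (PrivilegedExceptionAction<Object>) () -> m.invoke(target, args), caller);
    }

    // Simulated sandbox: a context whose only domain has static, empty permissions
    // (the two-argument ProtectionDomain constructor never consults the Policy).
    // Code run under it fails every permission check, like untrusted code would.
    static AccessControlContext noPermissions() {
        ProtectionDomain empty = new ProtectionDomain(null, new Permissions());
        return new AccessControlContext(new ProtectionDomain[] { empty });
    }

    // Run one attempt under the sandbox context and report whether the sandbox survived.
    static void attempt(String label, PrivilegedExceptionAction<Object> action) {
        try {
            AccessController.doPrivileged(action, noPermissions());
        } catch (Exception e) {
            // Unwrap PrivilegedActionException / InvocationTargetException layers.
            Throwable t = e;
            while (t.getCause() != null) t = t.getCause();
            System.out.println(label + ": denied (" + t.getClass().getSimpleName() + ")");
            return;
        }
        System.out.println(label + ": succeeded; SecurityManager is now " + System.getSecurityManager());
    }

    public static void main(String[] args) throws Exception {
        // Grant this demo's own (non-sandboxed) code every permission, then enable the
        // SecurityManager. Assumes JDK 8-17, or 18-23 with -Djava.security.manager=allow.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain pd, Permission p) { return true; }
        });
        System.setSecurityManager(new SecurityManager());

        Method setSM = System.class.getMethod("setSecurityManager", SecurityManager.class);
        Object[] nullArg = new Object[] { null };   // setSecurityManager(null)

        // 1. Sandboxed code calling setSecurityManager directly is denied.
        attempt("direct setSecurityManager(null)",
                () -> { System.setSecurityManager(null); return null; });
        // 2. Routed through the hardened helper it is still denied.
        attempt("via hardened invokeAsCaller",
                () -> invokeAsCaller(setSM, null, nullArg));
        // 3. Routed through the vulnerable helper it succeeds and the sandbox is gone.
        attempt("via vulnerable invokePrivileged",
                () -> invokePrivileged(setSM, null, nullArg));
    }
}
```

Compile and run with javac PrivilegedInvokeDemo.java && java PrivilegedInvokeDemo. The first two attempts are denied with an AccessControlException, the third leaves System.getSecurityManager() null. The only difference between the two helpers is the AccessControlContext argument to doPrivileged: without it, the trusted frame launders the caller's identity, which is exactly why a reflective invoke must never sit inside a bare doPrivileged that untrusted code can reach.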
Recommendations
For IBM Java 1.4.2, update to 1.4.2 SR13-FP18 or later.
For IBM Java 5.0, update to 5.0 SR16-FP3 or later.
For IBM Java 6, update to 6 SR14 or later.
For IBM Java 6.0.1, update to 6.0.1 SR6 or later.
For IBM Java 7, update to 7 SR5 or later.
To check an installation, read the service refresh and fix pack level (SRn, FPn) from the build string printed by java -version. Users of the IBM Java packages shipped by Red Hat (RHSA-2013:1059, RHSA-2013:1060, RHSA-2013:1081) or SUSE should apply the vendor-supplied update instead of installing IBM's SDK directly.


Related Identifiers

CVE-2013-3009
RHSA-2013:1059
RHSA-2013:1060
RHSA-2013:1081

Affected Products

IBM Java
Red Hat
SUSE