CVE-2017-3260

Name of the Vulnerable Software and Affected Versions Java SE versions 7u121 and 8u112

Description The issue is related to the Java SE component, specifically the AWT subcomponent. It is a difficult to exploit vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The vulnerability can result in the takeover of Java SE. This issue applies to Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, and rely on the Java sandbox for security.

Recommendations For Java SE version 7u121, update to a version that fixes this issue. For Java SE version 8u112, update to a version that fixes this issue. As a temporary workaround, consider restricting the use of the AWT component until a patch is available. Avoid running untrusted code in Java deployments that rely on the Java sandbox for security.