PT-2018-15674 · Oracle · Java SE

Published: 2018-01-17 · Updated: 2025-05-06 · CVE-2018-2627

CVSS v3.1: 7.5 (High)

Vector: AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Java SE versions 8u152 and 9.0.1

Description

The issue is a difficult-to-exploit vulnerability in the Installer subcomponent of Java SE. It allows a low-privileged attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Although the vulnerability is in Java SE, attacks may significantly impact additional products, and successful attacks can result in the takeover of Java SE. This vulnerability applies to the Windows installer only.

Recommendations

For Java SE versions 8u152 and 9.0.1, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the Windows installer to minimize the risk of exploitation.

Related Identifiers

CVE-2018-2627
RHSA-2018:0099
RHSA-2018:1463
RHSA-2018_0099

Affected Products

Java Platform
Java SE
Red Hat