Java technology vulnerability could compromise desktop computers and laptop computers running Windows
Researchers have reported a vulnerability in Java technology. Attackers could exploit it to compromise desktop and laptop computers running Windows if the user visits a webpage hosting malicious code.
The problem has been reported in the Java Web Start framework, which enables developers to create Java applications in an easy manner. Even disabling the Java plug-in is not expected to protect against the attack. The vulnerability has been reported on all current versions of Windows and in browsers including Chrome, Internet Explorer and Firefox.
Sun has been informed of the problem, but the company said that the risk was not high enough to issue a patch outside its regular quarterly patch cycle.
According to details provided by Tavis Ormandy, a Google engineer:
The toolkit provides only minimal validation of the URL parameter, allowing us to pass arbitrary parameters to the javaws [Java Web Start] utility, which provides enough functionality via command line arguments to allow this error to be exploited. The simplicity with which this error can be discovered has convinced me that releasing this document is in the best interest of everyone except the vendor.
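
The flaw described in the quote is weak validation of a web-supplied URL before it reaches a launcher's command line. The following Python code is an added example, not code from the toolkit, Sun or the advisory: it shows the checks a launcher wrapper can apply so that the value can only ever be read as one URL argument. The function names, the allow-listed schemes and the sample inputs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # assumption: only web-hosted launch files
BANNED_CHARS = set("\"'\\")           # quoting/escape characters for argument parsers


def validate_launch_url(url: str) -> str:
    """Return url unchanged if safe as a single argument, else raise ValueError."""
    if not url:
        raise ValueError("empty URL")
    # Whitespace splits one value into several arguments; quotes and
    # backslashes can break out of quoting when a command line is re-parsed.
    for ch in url:
        if not 0x21 <= ord(ch) <= 0x7E or ch in BANNED_CHARS:
            raise ValueError(f"character {ch!r} not allowed in launch URL")
    parts = urlsplit(url)
    # The scheme allow-list also rejects values that start with '-' and
    # would otherwise be read as an option by the launched program.
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme {parts.scheme!r} not allowed")
    if not parts.hostname:
        raise ValueError("URL has no host")
    return url


def build_launcher_argv(launcher: str, url: str) -> list:
    """Build an argv list for subprocess.run(argv) with shell=False."""
    # The URL stays one list element; it is never pasted into a command string.
    return [launcher, validate_launch_url(url)]


def is_launchable(url: str) -> bool:
    try:
        return bool(validate_launch_url(url))
    except ValueError:
        return False


# Constructed sample inputs (placeholders, not taken from the advisory).
SAMPLES = ["https://example.test/app.jnlp", "-hypothetical-option",
           "https://example.test/app.jnlp -hypothetical-option",
           "file:///C:/temp/app.jnlp"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: {'accept' if is_launchable(s) else 'reject'}")
```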