Multiple Oracle Java Products 'unpack.cpp' Insecure Temporary File Creation Vulnerability

Multiple Oracle Java Products are prone to an insecure temporary-file-creation vulnerability.



Local attackers may be able to perform symbolic-link attacks to overwrite arbitrary files on the affected computer. Other attacks may also be possible.



The following versions are vulnerable:



Oracle Java JRE 7 Update 51


Oracle Java JDK 7 Update 51


Oracle OpenJDK 1.6.0, 1.7.0, and 1.8.0


 

Privacy Statement
Copyright 2010, SecurityFocus