Multiple Oracle Java Products 'unpack.cpp' Insecure Temporary File Creation Vulnerability

Multiple Oracle Java Products are prone to an insecure temporary-file-creation vulnerability.

Local attackers may be able to perform symbolic-link attacks to overwrite arbitrary files on the affected computer. Other attacks may also be possible.

The following versions are vulnerable:

Oracle Java JRE 7 Update 51

Oracle Java JDK 7 Update 51

Oracle OpenJDK 1.6.0, 1.7.0, and 1.8.0


Privacy Statement
Copyright 2010, SecurityFocus