Remote Code Execution Vulnerability in OpenJDK from Debian
CVE-2014-8873

Currently unrated

Key Information:

Vendor: Oracle
Status: Openjdk
Vendor: CVE Published:; 9 November 2015

Summary

A vulnerability exists in the Debian OpenJDK 7 package where a .desktop file improperly registers a MIME type that interacts with /etc/mailcap. This flaw can be exploited by remote attackers, enabling them to execute arbitrary code through specially crafted JAR files, potentially compromising system integrity.

References

http://www.debian.org/security/2015/dsa-3235

vendor-advisoryx_refsource_DEBIAN

http://www.securityfocus.com/bid/76019

vdb-entryx_refsource_BID

http://www.openwall.com/lists/oss-security/2015/07/18/2

mailing-listx_refsource_MLIST

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 9, 2015
Vulnerability Reserved
Nov 14, 2014