
====================================================================

                                CERT-Renater

                    Information Note No. 2016/VULN049
_____________________________________________________________________

DATE                : 09/02/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Windows running Java versions 6, 7, 8 prior to
                                    6u113, 7u97, 8u73.

======================================================================
https://blogs.oracle.com/security/entry/security_alert_cve_2016_0603
_____________________________________________________________________


Friday Feb 05, 2016
Security Alert CVE-2016-0603 Released
By Eric P. Maurice-Oracle on Feb 05, 2016

Oracle just released Security Alert CVE-2016-0603 to address a
vulnerability that can be exploited when installing Java 6, 7 or 8 on
the Windows platform. This vulnerability has received a CVSS Base Score
of 7.6.

To be successfully exploited, this vulnerability requires that an
unsuspecting user be tricked into visiting a malicious web site and
downloading files to the user's system before installing Java 6, 7 or 8.
Though considered relatively complex to exploit, this vulnerability may
result, if successfully exploited, in a complete compromise of the
unsuspecting user’s system.

Because the exposure exists only during the installation process, users
need not upgrade existing Java installations to address the
vulnerability. However, Java users who have downloaded any old version
of Java prior to 6u113, 7u97 or 8u73 should discard these old
downloads and replace them with 6u113, 7u97 or 8u73 or later.

As a reminder, Oracle recommends that Java home users visit Java.com to
ensure that they are running the most recent version of Java SE and
that all older versions of Java SE have been completely removed. Oracle
further advises against downloading Java from sites other than Java.com
as these sites may be malicious.

For more information, the advisory for Security Alert CVE-2016-0603 is
located at 
http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html 
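
One way to act on the advice above to discard old downloads: an added example, not part of the Oracle alert or of CERT-Renater's note, that flags Windows Java 6/7/8 installer files older than 6u113, 7u97 or 8u73 by file name. The file-name patterns (jre-8u71-windows-x64.exe, JavaSetup8u66.exe and similar) and all function names are assumptions of this example.

```python
import re
from pathlib import Path

# First fixed update per Java family, as listed in the advisory.
FIXED_UPDATE = {6: 113, 7: 97, 8: 73}

# Assumed file-name conventions (not given in the advisory), e.g.
#   jre-8u71-windows-x64.exe, jdk-7-windows-i586.exe, JavaSetup8u66.exe
INSTALLER_RE = re.compile(
    r"(?:server-)?(?:jre|jdk)-(?P<fam>[678])(?:u(?P<upd>\d+))?-windows"
    r"|javasetup(?P<fam2>[678])u(?P<upd2>\d+)",
    re.IGNORECASE,
)


def installer_version(filename):
    """Return (family, update) parsed from an installer name, or None."""
    m = INSTALLER_RE.search(filename)
    if m is None:
        return None
    family = int(m.group("fam") or m.group("fam2"))
    # A GA build such as jdk-7-windows-x64.exe has no "uNN" part: update 0.
    update = int(m.group("upd") or m.group("upd2") or 0)
    return family, update


def is_stale(filename):
    """True if the name is a Windows Java 6/7/8 installer older than the fix."""
    version = installer_version(filename)
    return version is not None and version[1] < FIXED_UPDATE[version[0]]


def find_stale_installers(directory):
    """Recursively list installer files under `directory` to be discarded."""
    root = Path(directory)
    return sorted(p for p in root.rglob("*") if p.is_file() and is_stale(p.name))


if __name__ == "__main__":
    # Constructed sample names, not taken from the advisory.
    for name in ["jre-8u71-windows-x64.exe", "jre-8u73-windows-x64.exe",
                 "jdk-7-windows-i586.exe", "JavaSetup8u66.exe",
                 "jre-8u71-linux-x64.tar.gz"]:
        print(f"{name}: {'discard' if is_stale(name) else 'ok or not matched'}")
```

Matching is by file name only, so a renamed installer is not detected; pointing find_stale_installers at download folders and software shares complements, but does not replace, deleting old downloads.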



==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================





