-----BEGIN PGP SIGNED MESSAGE-----
AUSCERT Security Bulletin
Oracle releases Security Alert for CVE-2013-0422
14 January 2013
AusCERT Security Bulletin Summary
Product: JDK and JRE 7 Update 10 and earlier
Operating System: Windows, UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
CVE Names: CVE-2013-0422 CVE-2012-3174
Member content until: Wednesday, February 13 2013
Comment: The vulnerability CVE-2013-0422 is currently being widely exploited in
malware kits and the details of this vulnerability are publicly
documented and freely available.
Oracle have released Security Alert for CVE-2013-0422 to fix this
vulnerability and another with a CVSS score of 10.0 in Oracle Java SE.
Oracle has published updates for the Oracle Java SE product group.
The exploitable vulnerabilities apply to Java running in web browsers
and on desktops. The Security Alert contains 2 new security fixes for
Oracle Java SE. Both vulnerabilities, when exploited, allow arbitrary
code to be executed.
Included with this update is a change to the default Java Security
Level setting, from "Medium" to "High". This new setting will cause
users to always be prompted before any unsigned Java applet or Java
Web Start application is run.
Due to the high severity of the vulnerabilities, Oracle strongly
recommends that customers apply this update as soon as possible.
 Oracle Security Alert for CVE-2013-0422
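
A triage check for the affected range given above, added here as an example (it is not part of the AusCERT bulletin or Oracle's alert). It assumes "JDK and JRE 7 Update 10 and earlier" means Java 7 releases up to Update 10, that hosts report the legacy `1.7.0_NN` string from `java -version`, and that the Security Level is stored under the `deployment.security.level` key in the user's `deployment.properties`; the sample strings are constructed.

```python
import re

# Affected range as stated in the bulletin: JDK and JRE 7 Update 10 and earlier.
# Assumption: this is read as Java 7 only; other major versions are not flagged.
AFFECTED_MAJOR = 7
LAST_AFFECTED_UPDATE = 10

# Legacy version string printed by `java -version`, e.g. 1.7.0_10 or 1.7.0
_VERSION_RE = re.compile(r"\b1\.(\d+)\.0(?:_(\d+))?")


def parse_java_version(text):
    """Return (major, update) from `java -version` output, or None if unrecognised."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    # A GA release such as 1.7.0 carries no _NN suffix; treat it as update 0.
    return int(m.group(1)), int(m.group(2) or 0)


def is_affected(text):
    """True/False for a parsed version; None when the string needs manual review."""
    parsed = parse_java_version(text)
    if parsed is None:
        return None
    major, update = parsed
    return major == AFFECTED_MAJOR and update <= LAST_AFFECTED_UPDATE


def security_level(properties_text):
    """Return deployment.security.level from deployment.properties text, or None if unset."""
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "deployment.security.level":
            return value.strip().upper()
    return None  # unset: the installed release's default level applies


if __name__ == "__main__":
    # Constructed inventory lines (hostname -> `java -version` first line).
    inventory = {
        "ws-01": 'java version "1.7.0_10"',
        "ws-02": 'java version "1.7.0_11"',
        "ws-03": 'java version "1.6.0_38"',
    }
    for host, banner in sorted(inventory.items()):
        print(host, parse_java_version(banner), "AFFECTED" if is_affected(banner) else "ok")
    print(security_level("# constructed sample\ndeployment.security.level=MEDIUM\n"))
```

A host where `security_level` returns `MEDIUM` has the level pinned explicitly, so it will not pick up the new default after updating and should be reviewed separately.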
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: firstname.lastname@example.org
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----