Oracle has released an updated February 2013 Critical Patch Update for Oracle Java SE to address a vulnerability. This vulnerability could allow a remote unauthenticated attacker to execute arbitrary code on vulnerable systems or to provide unauthorized disclosure of information.
The following versions of Oracle Java SE are affected:
- JDK and JRE 7 Update 13 and earlier
- JDK and JRE 6 Update 39 and earlier
- JDK and JRE 5.0 Update 39 and earlier
- SDK and JRE 1.4.2_41 and earlier
US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied. Additional information regarding this vulnerability can be found in Vulnerability Notes VU#636312.