Products  |  Software  |  Services  |  Solutions  |  Support  |  Supplies  
HomeSupportSecurityMS05-020
My OcéContact Océ
MS05-037: Vulnerability in JView Profiler Could Allow
Remote Code Execution
/NR/rdonlyres/eor7ve7hxwkjdk43iidczzspz7rvxd6voteqfszflsvbsgseb3hwlndaikano6gyn3hiepyemwt46d/_TemplateResource1.gif
 
This update resolves a newly-discovered, public vulnerability. A COM object,
the JView Profiler (Javaprxy.dll), when instantiated in Internet Explorer,
contains a remote code execution vulnerability that could allow an attacker to
take complete control of an affected system. Since the JView Profiler COM
object was not designed to be accessed through Internet Explorer, this update
sets the kill bit for the JView Profiler (Javaprxy.dll) COM object. If a user is
logged on with administrative user rights, an attacker who successfully
exploited this vulnerability could take complete control of an affected system.
An attacker could then install programs; view, change, or delete data; or
create new accounts with full user rights. Users whose accounts are configured
to have fewer user rights on the system could be less impacted than users who
operate with administrative user rights.

 
Océ systems Vulnerability / Status Recommended action
Océ TDS300 1.x
Océ TDS400 2.x
Océ TDS600 4.x
Océ TDS800 2.x
Océ TDS860 1.x
Océ TCS400 2.x
 Not vulnerable None
Océ DPS400
Océ VP2105		 Not vulnerable None
Océ VP2090
Océ VP2110
Océ VP3070
Océ VP3090
Océ VP3110
 Not vulnerable None
Océ 900C
Océ 950C		 These systems may be affected by this security issue Contact your local Océ representative
Océ 910C
Océ 960C
Océ 1000C
 These systems may be affected by this security issue Automatic System Update
Océ Corporate Site
  Home | Products | Software | Services | Solutions | Support | Supplies  
Privacy policy | Terms of use | Other Océ websites »
© 2008 Océ
All rights reserved