Oracle Java Installer Adds a System Path Which is Writable by All Users

Vulnerability Summary

Title:            Oracle Java Installer Adds a System Path Which is Writable by All Users

Release Date:      21 January 2015

Reference:         NCC00767

Discoverer:        Edd Torkington

Vendor:              Oracle

Vendor Reference:  S0514586

Systems Affected:  Oracle Java 8 Update 25

CVE Reference:     CVE-2015-0421

Risk:                High

Status:            Fixed

Resolution Timeline

Discovered:        18 November 2014

Reported:          18 November 2014

Released:          21 November 2014

Fixed:             20 January 2015

Published:         21 January 2015

Vulnerability Description

“Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications require.”

The installer for Oracle Java 8 Update 25 was found to add a directory (C:\ProgramData\Oracle\Java\javapath) to the system PATH environment variable. The directory's DACL granted write access to all local users.

Technical Details

The vulnerability can be confirmed by inspecting the DACL of the added directory as shown below:

    C:\>cacls C:\ProgramData\Oracle\Java\javapath
    C:\ProgramData\Oracle\Java\javapath NT AUTHORITY\SYSTEM:(OI)(CI)(ID)F
                                        CREATOR OWNER:(OI)(CI)(IO)(ID)F
                                        BUILTIN\Users:(CI)(ID)(special access:)
Because BUILTIN\Users can create files in a directory that is searched as part of the system PATH, a low-privileged local user can plant an executable or DLL there. Any process running with higher privileges that resolves a program or library by name through the PATH would then load the attacker's file, allowing trivial elevation of privilege.
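The cacls check above covers the single directory the Java installer added. The following PowerShell script is an added example, not part of the NCC Group advisory, that generalises the same check to every entry on the machine-wide PATH: it flags directories where a low-privileged principal holds rights that allow planting or replacing files, and also flags PATH entries that do not exist (an attacker who can create the missing directory gets the same effect). It assumes English principal names (BUILTIN\Users etc.) and only considers Allow ACEs; a matching Deny ACE would have to be checked by hand.

```powershell
# Added example (not from the advisory): audit the machine-wide PATH for
# directories that a standard user can write to. Run as a standard user.

# Principals that every interactive, low-privileged user belongs to.
# Assumption: English (non-localised) account names.
$lowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that let a caller create, replace or remove entries in a directory,
# or rewrite its ACL. Read/list/traverse-only "special access" is deliberately
# not counted, to avoid false positives. GENERIC_WRITE (0x40000000) and
# GENERIC_ALL (0x10000000) show up on some inherit-only ACEs, so they are
# folded into the mask as well.
$plantMask = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories, DeleteSubdirectoriesAndFiles, Delete, ChangePermissions, TakeOwnership'
$plantMask = $plantMask -bor 0x40000000 -bor 0x10000000

# The machine (system) PATH is what privileged services and installers
# inherit; the per-user PATH is not interesting for elevation.
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')

foreach ($entry in ($machinePath -split ';' | Where-Object { $_.Trim() -ne '' })) {
    $dir = [Environment]::ExpandEnvironmentVariables($entry.Trim())

    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A dangling PATH entry is as bad as a writable one if the parent
        # directory lets a standard user create it.
        Write-Output ("MISSING  {0}   (check whether its parent is user-creatable)" -f $dir)
        continue
    }

    $acl = Get-Acl -LiteralPath $dir
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $plantMask) -eq 0) { continue }

        Write-Output ("WRITABLE {0}   {1} -> {2}" -f $dir, $ace.IdentityReference.Value, $ace.FileSystemRights)
    }
}
```

On a host with the affected installer, the javapath directory is reported as WRITABLE for BUILTIN\Users; anything else the script lists deserves the same scrutiny, since the attack does not depend on Java at all, only on a privileged process resolving a name through PATH.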

Fix Information
