Archive

Posts Tagged ‘oracle’

VirtualBox Error 0x000000C4

November 21, 2013 5 comments

I recently tried to upgrade a Windows 8 VirtualBox virtual machine to Windows 8.1 and ran into an error during the process. If I tried to run the upgrade from within the operating system (which is the required way), I received an error stating that my system did not meet system requirements. Specifically it mentions that my processor does not support “CompareExchange128”. After doing some research, I figured out how to turn on support for that in VirtualBox.

In Linux type the following in a terminal:
VBoxManage setextradata [vmname] VBoxInternal/CPUM/CMPXCHG16B 1
NOTE: Be sure to replace [vmname] with the name of your virtual machine.

In Windows type the following in a command prompt:
"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" setextradata [vmname] VBoxInternal/CPUM/CMPXCHG16B 1
NOTE: Be sure to replace [vmname] with the name of your virtual machine.

This also affects individuals installing Windows Server 2012 R2 on VirtualBox.

Advertisements

New Java Exploit

August 21, 2012 Leave a comment

Multiple vulnerabilities have been found in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier that allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by

  1. using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then
  2. using “reflection with a trusted immediate caller” to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

For more information, see CVE-2012-4681: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4681

Oracle has addressed the vulnerability in following security alert: http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

UPDATE:

  • Aug. 30, 2012: Oracle has released updates for both JRE 6 (Update 35) and 7 (Update 7). Users are advised to update their JRE as soon as possible.
  • Sept. 6, 2012: Apple today released Java 6 Update 35 for OS X. Nothing lately in the news about the known bugs still in Java 7.