[SECURITY] [DSA 3381-1] openjdk-7 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-3381-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 27, 2015

Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE

Hi @ll, Mozilla's (executable) full setup packages for Windows allow arbitrary code execution resp. escalation of privilege: their SETUP.EXE loads SHFOLDER.DLL ['] from a temporary (sub)directory "%TEMP%\7zS.tmp\" created during self-extraction of the full setup packages. This vulnerability is