Vulnerability ID 5551

Oracle Java SE JRE up to 7 Update 4 2D buffer overflow

CVSSv3 Temp ScoreCurrent Exploit Price (≈)

A vulnerability was found in Oracle Java SE JRE up to 7 Update 4. It has been declared as critical. Affected by this vulnerability is an unknown function of the component 2D. The manipulation with an unknown input leads to a buffer overflow vulnerability. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

The weakness was released 06/12/2012 by Chris Ries as confirmed bulletin. The advisory is shared for download at The public release was coordinated with Oracle. This vulnerability is known as CVE-2012-1713 since 03/16/2012. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details are unknown but a private exploit is available.

The vulnerability scanner Nessus provides a plugin with the ID 78936 (RHEL 5 / 6 : java-1.4.2-ibm-sap (RHSA-2012:1332)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Red Hat Local Security Checks and relying on port 0.

Applying a patch is able to eliminate this problem. The bugfix is ready for download at A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the databases at SecurityFocus (BID 53946), Secunia (SA49472), SecurityTracker (ID 1027153) and Vulnerability Center (SBV-35333). See 5539, 5540, 5541 and 5542 for similar entries.


Base Score: 10.0 [?]
Temp Score: 9.5 [?]
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:X/RL:O/RC:C [?]
Reliability: High


Base Score: 9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C) [?]
Temp Score: 8.1 (CVSS2#E:ND/RL:OF/RC:C) [?]
Reliability: High




Class: Buffer overflow
Local: No
Remote: Yes

Availability: Yes
Access: Private

Current Price Estimation: $25k-$50k (0-day) / $2k-$5k (Today)


Nessus ID: 78936
Nessus Name: RHEL 5 / 6 : java-1.4.2-ibm-sap (RHSA-2012:1332)
Nessus File: ala_ALAS-2012-88.nasl
Nessus Family: Red Hat Local Security Checks
Nessus Port: 0
OpenVAS ID: 71486
OpenVAS Name: Debian Security Advisory DSA 2507-1 (openjdk-6)
OpenVAS File: deb_2507_1.nasl
OpenVAS Family: Debian Local Security Checks


Recommended: Patch
Status: Official fix
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known



03/16/2012 CVE assigned
06/12/2012 +88 days Advisory disclosed
06/12/2012 +0 days Countermeasure disclosed
06/12/2012 +0 days OSVDB entry created
06/14/2012 +2 days VulDB entry created
06/16/2012 +2 days NVD disclosed
06/16/2012 +0 days VulnerabilityCenter entry assigned
06/18/2012 +2 days VulnerabilityCenter entry created
11/07/2014 +872 days Nessus plugin released
03/22/2015 +135 days VulnerabilityCenter entry updated
07/08/2015 +109 days VulDB entry updated


Researcher: Chris Ries
Status: Confirmed
Coordinated: Yes

CVE: CVE-2012-1713 ( ( (

SecurityFocus: 53946 - Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability
Secunia: 49472 - Oracle Java Multiple Vulnerabilities, Highly Critical
SecurityTracker: 1027153 - Oracle Java SE Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service
Vulnerability Center: 35333 - [javacpujun2012-1515912] Oracle Java SE 7 Update 4 and Earlier Remote Unspecified Vulnerability, Critical
OSVDB: 82874 - Oracle Java SE / JRE 2D Sub-component Unspecified Remote Code Execution

See also: 5539, 5540, 5541, 5542, 5543, 5544, 5545, 5546, 5547, 5548, 5549 , 5550


Created: 06/14/2012
Updated: 07/08/2015
Entry: 93.4% complete