CVE-2012-4681 in Java SEinfo

Summary

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

08/27/2012

Disclosure

08/27/2012

Moderation

VulDB entry created

Entries

VDB-6014 (1)

CPE

ready

CWE

CWE-269 (Confirmed)

Exploit

Download

CVSS

9.8

EPSS

0.94140

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-4681
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-4681
CVE Details	https://www.cvedetails.com/cve/CVE-2012-4681/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!