Versio.io

CVE-2012-4681

Common vulnerabilities & exposures (CVE)

 
Published at: 28-08-2012 02:55
Last modified: 13-05-2022 04:52
Total changes: 2

Description

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

Common Vulnerability Scoring System (CVSS)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Attack complexity: Low
Attack vector: Network
Availability: High
Confidentiality: High
Integrity: High
Privileges required: -
Scope: -
User interaction: -
Base score: 10.0
Exploitability score: 10.0
Impact score: 10.0
 

Verification logic

OR
OR
vendor=sun AND product=jdk AND version=1.6.0 AND update=update_4
vendor=sun AND product=jre AND version=1.6.0 AND update=update_3
vendor=sun AND product=jre AND version=1.6.0 AND update=update_5
vendor=sun AND product=jdk AND version=1.6.0 AND update=update_7
vendor=sun AND product=jdk AND version=1.6.0 AND update=update_19
vendor=sun AND product=jdk AND version=1.6.0 AND update=update_13
vendor=sun AND product=jre AND version=1.6.0 AND update=update_13
vendor=sun AND product=jre AND version=1.6.0 AND update=update_1
vendor=sun AND product=jre AND version=1.6.0 AND update=update_2
vendor=sun AND product=jdk AND version=1.6.0 AND update=update_3
vendor=sun AND product=jre AND version=1.6.0 AND update=update_20
vendor=sun AND product=jre AND version=1.6.0 AND update=update_19
vendor=sun AND product=jre AND version=1.6.0 AND update=update_6
vendor=sun AND product=jre AND version=1.6.0 AND update=update_17
vendor=sun AND product=jre AND version=1.6.0 AND update=update_18
vendor=sun AND product=jdk AND version=1.6.0.200 AND update=update20
vendor=sun AND product=jdk AND version=1.6.0 AND update=update_11
vendor=sun AND product=jdk AND version=1.6.0 AND update=update_10
vendor=sun AND product=jdk AND version=1.6.0 AND update=update1_b06
vendor=sun AND product=jdk AND version=1.6.0 AND update=update1
vendor=sun AND product=jre AND version=1.6.0 AND update=update_16
vendor=sun AND product=jre AND version=1.6.0 AND update=update_15
vendor=sun AND product=jdk AND version=1.6.0 AND update=update_17
vendor=sun AND product=jdk AND version=1.6.0 AND update=update_16
vendor=sun AND product=jre AND version=1.6.0 AND update=update_10
vendor=sun AND product=jdk AND version=1.6.0 AND update=update_14
vendor=sun AND product=jdk AND version=1.6.0 AND update=update_5
vendor=sun AND product=jre AND version=1.6.0 AND update=update_21
vendor=sun AND product=jre AND version=1.6.0
vendor=sun AND product=jdk AND version=1.6.0 AND update=update2
vendor=oracle AND product=jre AND version=1.6.0 AND update=update29
vendor=oracle AND product=jre AND version=1.6.0 AND update=update30
vendor=oracle AND product=jdk AND version=1.6.0 AND update=update29
vendor=oracle AND product=jdk AND version=1.6.0 AND update=update27
vendor=sun AND product=jdk AND version=1.6.0 AND update=update_18
vendor=oracle AND product=jre AND version=1.6.0 AND update=update22
vendor=oracle AND product=jre AND version=1.6.0 AND update=update23
vendor=sun AND product=jre AND version=1.6.0 AND update=update_12
vendor=oracle AND product=jre AND version=1.6.0 AND update=update32
vendor=oracle AND product=jre AND version=1.6.0 AND update=update33
vendor=oracle AND product=jdk AND version=1.6.0 AND update=update26
vendor=oracle AND product=jdk AND version=1.6.0 AND update=update25
vendor=sun AND product=jdk AND version=1.6.0 AND update=update_6
vendor=oracle AND product=jdk AND version=1.6.0 AND update=update32
vendor=oracle AND product=jre AND version=1.6.0 AND update=update24
vendor=oracle AND product=jre AND version=1.6.0 AND update=update25
vendor=sun AND product=jre AND version=1.6.0 AND update=update_7
vendor=sun AND product=jre AND version=1.6.0 AND update=update_11
vendor=sun AND product=jre AND version=1.6.0 AND update=update_14
vendor=oracle AND product=jre AND version=1.6.0 AND update=update34
vendor=oracle AND product=jre AND update=update35 AND versionEndIncluding=1.6.0
vendor=oracle AND product=jdk AND version=1.6.0 AND update=update24
vendor=oracle AND product=jdk AND version=1.6.0 AND update=update23
vendor=sun AND product=jdk AND version=1.6.0 AND update=update_15
vendor=oracle AND product=jdk AND version=1.6.0 AND update=update34
vendor=oracle AND product=jdk AND update=update35 AND versionEndIncluding=1.6.0
vendor=oracle AND product=jdk AND version=1.6.0 AND update=update33
vendor=oracle AND product=jre AND version=1.6.0 AND update=update31
vendor=oracle AND product=jre AND version=1.6.0 AND update=update26
vendor=oracle AND product=jre AND version=1.6.0 AND update=update27
vendor=sun AND product=jre AND version=1.6.0 AND update=update_4
vendor=oracle AND product=jdk AND version=1.6.0 AND update=update31
vendor=oracle AND product=jdk AND version=1.6.0 AND update=update30
vendor=oracle AND product=jdk AND version=1.6.0 AND update=update22
vendor=sun AND product=jdk AND version=1.6.0.210 AND update=update21
vendor=sun AND product=jdk AND version=1.6.0 AND update=update_12
OR
vendor=oracle AND product=jdk AND update=update6 AND versionEndIncluding=1.7.0
vendor=oracle AND product=jdk AND version=1.7.0 AND update=update5
vendor=oracle AND product=jre AND version=1.7.0 AND update=update3
vendor=oracle AND product=jdk AND version=1.7.0 AND update=update2
vendor=oracle AND product=jdk AND version=1.7.0
vendor=oracle AND product=jre AND update=update6 AND versionEndIncluding=1.7.0
vendor=oracle AND product=jre AND version=1.7.0 AND update=update2
vendor=oracle AND product=jdk AND version=1.7.0 AND update=update3
vendor=oracle AND product=jre AND version=1.7.0 AND update=update5
vendor=oracle AND product=jre AND version=1.7.0 AND update=update4
vendor=oracle AND product=jre AND version=1.7.0
vendor=oracle AND product=jdk AND version=1.7.0 AND update=update1
vendor=oracle AND product=jdk AND version=1.7.0 AND update=update4
vendor=oracle AND product=jre AND version=1.7.0 AND update=update1
OR
vendor=sun AND product=jre AND version=1.4.2_26
vendor=sun AND product=jdk AND version=1.4.2_13
vendor=sun AND product=jdk AND version=1.4.2_30
vendor=sun AND product=jre AND version=1.4.2_7
vendor=sun AND product=jre AND version=1.4.2_27
vendor=sun AND product=jdk AND version=1.4.2_12
vendor=sun AND product=jdk AND version=1.4.2_31
vendor=sun AND product=jre AND version=1.4.2_16
vendor=sun AND product=jdk AND version=1.4.2_3
vendor=sun AND product=jre AND version=1.4.2_24
vendor=sun AND product=jre AND version=1.4.2_4
vendor=sun AND product=jre AND version=1.4.2_13
vendor=sun AND product=jre AND version=1.4.2_29
vendor=sun AND product=jdk AND version=1.4.2_8
vendor=sun AND product=jdk AND version=1.4.2_16
vendor=sun AND product=jre AND version=1.4.2_1
vendor=sun AND product=jre AND version=1.4.2_8
vendor=sun AND product=jre AND version=1.4.2_25
vendor=sun AND product=jdk AND version=1.4.2_23
vendor=sun AND product=jdk AND version=1.4.2_32
vendor=sun AND product=jre AND version=1.4.2_15
vendor=sun AND product=jre AND version=1.4.2_31
vendor=sun AND product=jdk AND version=1.4.2_18
vendor=sun AND product=jdk AND version=1.4.2_19
vendor=sun AND product=jdk AND version=1.4.2_29
vendor=oracle AND product=jdk AND versionEndIncluding=1.4.2_38
vendor=sun AND product=jre AND version=1.4.2_2
vendor=sun AND product=jre AND version=1.4.2_19
vendor=sun AND product=jdk AND version=1.4.2_6
vendor=sun AND product=jdk AND version=1.4.2_26
vendor=sun AND product=jre AND version=1.4.2_14
vendor=sun AND product=jre AND version=1.4.2_21
vendor=sun AND product=jre AND version=1.4.2_22
vendor=sun AND product=jre AND version=1.4.2_30
vendor=sun AND product=jre AND version=1.4.2_37
vendor=sun AND product=jdk AND version=1.4.2
vendor=sun AND product=jdk AND version=1.4.2_7
vendor=sun AND product=jdk AND version=1.4.2_27
vendor=sun AND product=jdk AND version=1.4.2_28
vendor=sun AND product=jdk AND version=1.4.2_35
vendor=sun AND product=jdk AND version=1.4.2_36
vendor=sun AND product=jre AND version=1.4.2_9
vendor=sun AND product=jre AND version=1.4.2_17
vendor=sun AND product=jre AND version=1.4.2_18
vendor=sun AND product=jre AND version=1.4.2_33
vendor=sun AND product=jre AND version=1.4.2_35
vendor=sun AND product=jdk AND version=1.4.2_4
vendor=sun AND product=jdk AND version=1.4.2_11
vendor=sun AND product=jdk AND version=1.4.2_22
vendor=sun AND product=jre AND version=1.4.2_23
vendor=sun AND product=jre AND version=1.4.2_32
vendor=sun AND product=jdk AND version=1.4.2_1
vendor=sun AND product=jdk AND version=1.4.2_2
vendor=sun AND product=jdk AND version=1.4.2_9
vendor=sun AND product=jdk AND version=1.4.2_10
vendor=sun AND product=jdk AND version=1.4.2_17
vendor=sun AND product=jdk AND version=1.4.2_37
vendor=sun AND product=jre AND version=1.4.2_3
vendor=sun AND product=jre AND version=1.4.2_10
vendor=sun AND product=jre AND version=1.4.2_11
vendor=sun AND product=jre AND version=1.4.2_12
vendor=sun AND product=jre AND version=1.4.2_20
vendor=sun AND product=jre AND version=1.4.2_28
vendor=sun AND product=jre AND version=1.4.2_36
vendor=oracle AND product=jre AND versionEndIncluding=1.4.2_38
vendor=sun AND product=jdk AND version=1.4.2_5
vendor=sun AND product=jdk AND version=1.4.2_14
vendor=sun AND product=jdk AND version=1.4.2_25
vendor=sun AND product=jdk AND version=1.4.2_33
vendor=sun AND product=jdk AND version=1.4.2_34
vendor=sun AND product=jre AND version=1.4.2_5
vendor=sun AND product=jdk AND version=1.4.2_15
vendor=sun AND product=jre AND version=1.4.2_34
vendor=sun AND product=jre AND version=1.4.2_6
OR
vendor=sun AND product=jre AND version=1.5.0 AND update=update22
vendor=sun AND product=jre AND version=1.5.0 AND update=update31
vendor=sun AND product=jre AND version=1.5.0
vendor=sun AND product=jdk AND version=1.5.0 AND update=update20
vendor=sun AND product=jdk AND version=1.5.0 AND update=update15
vendor=sun AND product=jdk AND version=1.5.0 AND update=update18
vendor=sun AND product=jre AND version=1.5.0 AND update=update18
vendor=sun AND product=jdk AND version=1.5.0 AND update=update27
vendor=sun AND product=jdk AND version=1.5.0 AND update=update3
vendor=sun AND product=jre AND version=1.5.0 AND update=update27
vendor=sun AND product=jre AND version=1.5.0 AND update=update12
vendor=sun AND product=jre AND version=1.5.0 AND update=update11
vendor=sun AND product=jre AND version=1.5.0 AND update=update2
vendor=sun AND product=jdk AND version=1.5.0 AND update=update31
vendor=sun AND product=jre AND version=1.5.0 AND update=update24
vendor=sun AND product=jre AND version=1.5.0 AND update=update16
vendor=sun AND product=jre AND version=1.5.0 AND update=update8
vendor=sun AND product=jdk AND version=1.5.0 AND update=update22
vendor=sun AND product=jdk AND version=1.5.0 AND update=update11
vendor=sun AND product=jdk AND version=1.5.0 AND update=update17
vendor=sun AND product=jdk AND version=1.5.0 AND update=update16
vendor=sun AND product=jdk AND version=1.5.0 AND update=update28
vendor=sun AND product=jdk AND version=1.5.0 AND update=update29
vendor=sun AND product=jdk AND version=1.5.0 AND update=update26
vendor=sun AND product=jre AND version=1.5.0 AND update=update26
vendor=sun AND product=jdk AND version=1.5.0 AND update=update9
vendor=sun AND product=jre AND version=1.5.0 AND update=update21
vendor=sun AND product=jre AND version=1.5.0 AND update=update13
vendor=sun AND product=jdk AND version=1.5.0 AND update=update6
vendor=sun AND product=jdk AND version=1.5.0 AND update=update21
vendor=sun AND product=jre AND version=1.5.0 AND update=update29
vendor=sun AND product=jre AND version=1.5.0 AND update=update28
vendor=sun AND product=jre AND version=1.5.0 AND update=update20
vendor=sun AND product=jre AND version=1.5.0 AND update=update19
vendor=sun AND product=jre AND version=1.5.0 AND update=update4
vendor=sun AND product=jre AND version=1.5.0 AND update=update3
vendor=sun AND product=jdk AND version=1.5.0 AND update=update5
vendor=sun AND product=jdk AND version=1.5.0 AND update=update4
vendor=sun AND product=jdk AND version=1.5.0 AND update=update33
vendor=oracle AND product=jre AND update=update36 AND versionEndIncluding=1.5.0
vendor=sun AND product=jre AND version=1.5.0 AND update=update23
vendor=sun AND product=jre AND version=1.5.0 AND update=update15
vendor=sun AND product=jre AND version=1.5.0 AND update=update7
vendor=oracle AND product=jdk AND update=update36 AND versionEndIncluding=1.5.0
vendor=sun AND product=jdk AND version=1.5.0 AND update=update10
vendor=sun AND product=jdk AND version=1.5.0 AND update=update1
vendor=sun AND product=jdk AND version=1.5.0 AND update=update25
vendor=sun AND product=jdk AND version=1.5.0 AND update=update8
vendor=sun AND product=jre AND version=1.5.0 AND update=update25
vendor=sun AND product=jre AND version=1.5.0 AND update=update17
vendor=sun AND product=jre AND version=1.5.0 AND update=update10
vendor=sun AND product=jre AND version=1.5.0 AND update=update9
vendor=sun AND product=jre AND version=1.5.0 AND update=update1
vendor=sun AND product=jdk AND version=1.5.0 AND update=update23
vendor=sun AND product=jdk AND version=1.5.0 AND update=update19
vendor=sun AND product=jdk AND version=1.5.0 AND update=update12
vendor=sun AND product=jdk AND version=1.5.0 AND update=update14
vendor=sun AND product=jdk AND version=1.5.0 AND update=update24
vendor=sun AND product=jdk AND version=1.5.0 AND update=update7
vendor=sun AND product=jre AND version=1.5.0 AND update=update33
vendor=sun AND product=jre AND version=1.5.0 AND update=update14
vendor=sun AND product=jre AND version=1.5.0 AND update=update6
vendor=sun AND product=jre AND version=1.5.0 AND update=update5
vendor=sun AND product=jdk AND version=1.5.0
vendor=sun AND product=jdk AND version=1.5.0 AND update=update7_b03
vendor=sun AND product=jdk AND version=1.5.0 AND update=update11_b03
vendor=sun AND product=jdk AND version=1.5.0 AND update=update2
vendor=sun AND product=jdk AND version=1.5.0 AND update=update13
 
