CVE-2012-4681 - Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update

CVE-2012-4681

Summary

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

References

Vulnerable Configurations

cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update33:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update33:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update29:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update29:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update31:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update31:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update27:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update27:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update12:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update12:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update14:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update14:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update32:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update32:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update34:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update34:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update30:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update30:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update32:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update32:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update33:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update33:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update31:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update31:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update34:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update34:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update12:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update12:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update14:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update14:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update16:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update16:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update18:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update18:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update19:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update19:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update20:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update20:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update21:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update21:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update16:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update16:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update18:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update18:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update19:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update19:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update20:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update20:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update21:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update21:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update8:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update8:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:-:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 21-12-2022 - 15:28)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

redhat via4

advisories

bugzilla

id	853228
title	CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.7.0-openjdk is earlier than 1:1.7.0.5-2.2.1.el6_3.3
oval oval:com.redhat.rhsa:tst:20121223001
comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009002

AND

comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.5-2.2.1.el6_3.3
oval oval:com.redhat.rhsa:tst:20121223003
comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009004

AND

comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.5-2.2.1.el6_3.3
oval oval:com.redhat.rhsa:tst:20121223005
comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009006

AND

comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.5-2.2.1.el6_3.3
oval oval:com.redhat.rhsa:tst:20121223007
comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009008

AND

comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.5-2.2.1.el6_3.3
oval oval:com.redhat.rhsa:tst:20121223009
comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009010

rhsa

id	RHSA-2012:1223
released	2012-09-03
severity	Important
title	RHSA-2012:1223: java-1.7.0-openjdk security update (Important)

rhsa
id RHSA-2012:1225

rpms

java-1.7.0-openjdk-1:1.7.0.5-2.2.1.el6_3.3
java-1.7.0-openjdk-debuginfo-1:1.7.0.5-2.2.1.el6_3.3
java-1.7.0-openjdk-demo-1:1.7.0.5-2.2.1.el6_3.3
java-1.7.0-openjdk-devel-1:1.7.0.5-2.2.1.el6_3.3
java-1.7.0-openjdk-javadoc-1:1.7.0.5-2.2.1.el6_3.3
java-1.7.0-openjdk-src-1:1.7.0.5-2.2.1.el6_3.3
java-1.7.0-oracle-1:1.7.0.7-1jpp.5.el6_3
java-1.7.0-oracle-devel-1:1.7.0.7-1jpp.5.el6_3
java-1.7.0-oracle-jdbc-1:1.7.0.7-1jpp.5.el6_3
java-1.7.0-oracle-plugin-1:1.7.0.7-1jpp.5.el6_3
java-1.7.0-oracle-src-1:1.7.0.7-1jpp.5.el6_3
java-1.7.0-ibm-1:1.7.0.2.0-1jpp.3.el6_3
java-1.7.0-ibm-demo-1:1.7.0.2.0-1jpp.3.el6_3
java-1.7.0-ibm-devel-1:1.7.0.2.0-1jpp.3.el6_3
java-1.7.0-ibm-jdbc-1:1.7.0.2.0-1jpp.3.el6_3
java-1.7.0-ibm-plugin-1:1.7.0.2.0-1jpp.3.el6_3
java-1.7.0-ibm-src-1:1.7.0.2.0-1jpp.3.el6_3

refmap via4

bid	55213
cert	TA12-240A
confirm	http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
hp	HPSBUX02824 SSRT100970
misc	http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/ http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day
secunia	51044
suse	SUSE-SU-2012:1231 SUSE-SU-2012:1398

saint via4

bid	55213
description	Oracle Java findMethod findClass Security Bypass
id	web_client_jre
osvdb	84867
title	oracle_java_findclass_findmethod_security_bypass
type	client

Last major update

21-12-2022 - 15:28

Published

28-08-2012 - 00:55

Last modified

21-12-2022 - 15:28