Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:689784CB7D45280770C605D47770F3CA
HistoryAug 30, 2012 - 12:00 a.m.

Oracle Java findMethod findClass Security Bypass

2012-08-3000:00:00
SAINT Corporation
download.saintcorporation.com
68

EPSS

0.975

Percentile

100.0%

JSON

Added: 08/30/2012
CVE: CVE-2012-4681
BID: 55213
OSVDB: 84867

Background

Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets.

Problem

In Java 7.0 prior to Update 7, two vulnerabilities exist that allow malicious applets to execute arbitrary code outside the Java security sandbox. If an attacker were to host such a malicious applet on a website, they could execute arbitrary code on the systems of any vulnerable users who load the applet.

Resolution

Update to Java 7 Update 7.

References

<http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html&gt;
<http://krebsonsecurity.com/2012/08/attackers-pounce-on-zero-day-java-exploit/&gt;
<http://www.techworld.com.au/article/434757/unpatched_java_vulnerability_exploited_targeted_attacks_researchers_say/&gt;

Limitations

This exploit has been tested against Oracle JRE 7 Update 6 on the following platforms:

  • Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn) using Internet Explorer 8 or 9
  • Apple Mac OS X 10.7.4 using Safari
  • Ubuntu Desktop 12.04 LTS using Firefox

Platforms

Windows
Mac OS X
Linux

Related

cve 3
nessus 24
saint 3
threatpost 13
attackerkb 3
securityvulns 2
freebsd 1
openvas 39
ubuntucve 2
checkpoint_advisories 2
thn 4
fedora 13
cisa_kev 1
cvelist 2
canvas 1
cisa 1
metasploit 1
prion 2
nvd 3
cert 1
myhack58 1
seebug 1
zdi 1
centos 1
redhat 3
suse 3
oraclelinux 1
securelist 1
gentoo 1
cve
cve
CVE-2012-4681
2012-08-28 00:55:01
CVE-2012-3539
2022-10-03 16:15:22
CVE-2013-0422
2013-01-10 21:55:00
nessus
nessus
FreeBSD : Java 1.7 -- security manager bypass (16846d1e-f1de-11e1-8bd8-0022156e8794)
2012-08-31 00:00:00
Scientific Linux Security Update : java-1.6.0-sun on SL5.x i386/x86_64 (20120904)
2012-09-13 00:00:00
Fedora 17 : java-1.7.0-openjdk-1.7.0.6-2.3.1.fc17.2 (2012-13131)
2012-09-04 00:00:00
saint
saint
Oracle Java findMethod findClass Security Bypass
2012-08-30 00:00:00
Oracle Java findMethod findClass Security Bypass
2012-08-30 00:00:00
Oracle Java findMethod findClass Security Bypass
2012-08-30 00:00:00
threatpost
threatpost
Oracle Releases Fix For Java CVE-2012-4681 Flaw
2012-08-30 18:12:34
Newest Java 7 Update Still Exploitable, Researcher Says
2012-09-04 15:08:53
Nasty New Java Zero Day Found; Exploit Kits Already Have It
2013-01-10 15:15:21
attackerkb
attackerkb
CVE-2012-4681
2012-08-28 00:00:00
Java 7 Applet Remote Code Execution
2012-08-28 00:00:00
CVE-2013-0422
2013-01-10 00:00:00
securityvulns
securityvulns
Java environment limitations bypass
2012-09-02 00:00:00
[SE-2012-01] New security issue affecting Java SE 7 Update 7
2012-09-02 00:00:00
freebsd
freebsd
Java 1.7 -- security manager bypass
2012-08-27 00:00:00
openvas
openvas
Fedora Update for java-1.7.0-openjdk FEDORA-2012-16346
2012-10-19 00:00:00
Fedora Update for java-1.7.0-openjdk FEDORA-2013-2813
2013-02-22 00:00:00
Fedora Update for java-1.7.0-openjdk FEDORA-2012-16346
2012-10-19 00:00:00
ubuntucve
ubuntucve
CVE-2012-4681
2012-08-28 00:00:00
CVE-2013-0422
2013-01-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Java 7 Applet RCE Gondvv (CVE-2012-4681)
2012-08-28 00:00:00
Preemptive Protection against Oracle JRE Restrictions Bypass Remote Code Execution (CVE-2012-4681)
2012-10-01 00:00:00
thn
thn
Oracle releases patches for Java vulnerability CVE-2012-4681
2012-08-31 22:39:00
Exploit Packs updated with New Java Zero-Day vulnerability
2013-01-10 18:09:00
Exploit Packs updated with New Java Zero-Day vulnerability
2013-01-10 07:09:00
fedora
fedora
[SECURITY] Fedora 18 Update: java-1.7.0-openjdk-1.7.0.6-2.3.1.fc18.2
2012-09-17 22:40:47
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.6-2.3.1.fc17.2
2012-09-03 22:53:20
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.fc17
2013-06-20 02:29:10
cisa_kev
cisa_kev
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
2022-03-03 00:00:00
cvelist
cvelist
CVE-2012-4681
2012-08-28 00:00:00
CVE-2013-0422
2013-01-10 21:23:00
canvas
canvas
Immunity Canvas: JAVA_FORNAME_GETFIELD
2012-08-28 00:55:00
cisa
cisa
US-CERT Releases Oracle Java JRE 1.7 Security Advisory
2012-08-28 00:00:00
metasploit
metasploit
Java 7 Applet Remote Code Execution
2012-08-27 09:25:04
prion
prion
Design/Logic Flaw
2012-08-28 00:55:00
Design/Logic Flaw
2013-01-10 21:55:00
nvd
nvd
CVE-2012-4681
2012-08-28 00:55:01
CVE-2012-3539
2012-08-28 16:55:02
CVE-2013-0422
2013-01-10 21:55:00
cert
cert
Oracle Java JRE 1.7 Expression.execute() and SunToolkit.getField() fail to restrict access to privileged code
2012-08-27 00:00:00
myhack58
myhack58
The New Year initial, Java break first 0day-vulnerability warning-the black bar safety net
2013-01-11 00:00:00
seebug
seebug
Oracle Sun JRE 1.x θΏœη¨‹JRE漏洞
2012-09-04 00:00:00
zdi
zdi
Oracle Java java.beans.Statement Remote Code Execution Vulnerability
2012-12-21 00:00:00
centos
centos
java security update
2012-09-03 14:37:23
redhat
redhat
(RHSA-2012:1223) Important: java-1.7.0-openjdk security update
2012-09-03 00:00:00
(RHSA-2012:1225) Critical: java-1.7.0-oracle security update
2012-09-04 00:00:00
(RHSA-2012:1289) Critical: java-1.7.0-ibm security update
2012-09-18 00:00:00
suse
suse
java-1_7_0-openjdk: security fix for remote exploit (critical)
2012-09-12 19:08:39
Security update for IBM Java (important)
2012-09-25 00:09:19
Security update for OpenJDK (important)
2012-10-24 22:08:57
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2012-09-03 00:00:00
securelist
securelist
Investigation Report for the September 2014 Equation malware detection incident in the US
2017-11-16 10:00:34
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00

EPSS

0.975

Percentile

100.0%

JSON
Related for SAINT:689784CB7D45280770C605D47770F3CA
cve3nessus24saint3threatpost13attackerkb3securityvulns2freebsd1openvas39ubuntucve2checkpoint_advisories2thn4fedora13cisa_kev1cvelist2canvas1cisa1metasploit1prion2nvd3cert1myhack581seebug1zdi1centos1redhat3suse3oraclelinux1securelist1gentoo1