Lucene search
Chris RiesZDI-12-142HistoryAug 17, 2012 - 12:00 a.m.
Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability
2012-08-1700:00:00
Chris Ries
www.zerodayinitiative.com
15
0.269 Low
EPSS
Percentile
96.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the BasicService.showDocument Java Webstart function. This function allows additional parameters to be passed to the browser. Depending on which browser the user has set as default browser this could lead to remote code execution under the context of the current user.
Related
nvd
nvd
CVE-2012-1713
2012-06-16 21:55:03
cve
cve
CVE-2012-1713
2012-06-16 21:55:03
ubuntucve
ubuntucve
CVE-2012-1713
2012-06-16 00:00:00
prion
prion
Design/Logic Flaw
2012-06-16 21:55:00
cvelist
cvelist
CVE-2012-1713
2012-06-16 21:00:00
ibm
ibm
securityvulns
securityvulns
ZDI-12-142 : Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability
2012-08-20 00:00:00
Oracle Java multiple security vulnerabilities
2012-08-20 00:00:00
nessus
nessus
SuSE 11.2 Security Update : IBM Java (SAT Patch Number 6791)
2013-01-25 00:00:00
RHEL 5 : java-1.4.2-ibm-sap (RHSA-2012:1332)
2014-11-08 00:00:00
SuSE 10 Security Update : IBM Java (ZYPP Patch Number 8281)
2012-09-17 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2012:1177-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:1204-1)
2021-06-09 00:00:00
suse
suse
Security update for IBM Java (important)
2012-09-28 19:09:09
Security update for IBM Java (important)
2012-09-14 22:08:23
Security update for IBM Java (important)
2012-09-18 15:08:38
redhat
redhat
(RHSA-2012:1243) Critical: java-1.4.2-ibm security update
2012-09-07 00:00:00
(RHSA-2012:1332) Moderate: java-1.4.2-ibm-sap security update
2012-10-03 00:00:00
(RHSA-2012:1245) Critical: java-1.5.0-ibm security update
2012-09-07 00:00:00
veracode
veracode
Memory Corruption
2019-05-02 04:43:07
Denial Of Service (DoS)
2019-05-02 04:43:06
Information Disclosure
2019-05-02 04:43:06
centos
centos
java security update
2012-06-13 17:29:00
java security update
2012-06-13 18:29:41
java security update
2012-07-10 17:34:22
amazon
amazon
Important: java-1.6.0-openjdk
2012-06-19 15:58:00
osv
osv
openjdk-6 - several
2012-07-04 00:00:00
ubuntu
ubuntu
IcedTea-Web regression
2012-08-30 00:00:00
OpenJDK 6 vulnerabilities
2012-07-13 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2012-06-13 00:00:00
java-1.6.0-openjdk security update
2012-06-13 00:00:00
java-1.7.0-openjdk security and bug fix update
2012-06-29 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.3-2.2.1.fc17.8
2012-06-17 22:22:06
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-67.1.11.3.fc16
2012-06-16 00:05:51
[SECURITY] Fedora 16 Update: java-1.7.0-openjdk-1.7.0.3-2.2.1.fc16.7
2012-06-17 22:24:33
debian
debian
[SECURITY] [DSA 2507-1] openjdk-6 security update
2012-07-04 15:05:53
oracle
oracle
Oracle Critical Patch Update - July 2012
2012-07-17 00:00:00
gentoo
gentoo
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00