Lucene search
Chris RiesZDI-12-189HistoryDec 21, 2012 - 12:00 a.m.
Oracle Java WebStart Changing System Properties Remote Code Execution Vulnerability
2012-12-2100:00:00
Chris Ries
www.zerodayinitiative.com
17
0.123 Low
EPSS
Percentile
95.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists because it is possible to change system properties through trusted JNLP files. If a JNLP file requests “” and only references signed, trusted JAR files, it can set all System properties. By referencing a trusted JNLP file from an untrusted one it is possible to change System Properties that can lead to remote code execution under the context of the current user.
Related
cve
cve
CVE-2012-1722
2012-06-16 21:55:03
CVE-2012-1721
2012-06-16 21:55:03
nvd
nvd
CVE-2012-1721
2012-06-16 21:55:03
CVE-2012-1722
2012-06-16 21:55:03
prion
prion
Design/Logic Flaw
2012-06-16 21:55:00
Design/Logic Flaw
2012-06-16 21:55:00
ubuntucve
ubuntucve
CVE-2012-1721
2012-06-16 00:00:00
CVE-2012-1722
2012-06-16 00:00:00
cvelist
cvelist
CVE-2012-1722
2012-06-16 21:00:00
CVE-2012-1721
2012-06-16 21:00:00
openvas
openvas
Oracle Java SE Java Runtime Environment Multiple Unspecified Vulnerabilities(02) - (Windows)
2012-08-23 00:00:00
Oracle Java SE Java Runtime Environment Multiple Unspecified Vulnerabilities - 02 - (javacpujun2012) - Windows
2012-08-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:1265-1)
2021-06-09 00:00:00
veracode
veracode
Memory Corruption
2019-05-02 04:43:07
Memory Corruption
2019-05-02 04:43:07
Denial Of Service (DoS)
2019-05-02 04:43:07
suse
suse
Security update for IBM Java (important)
2012-09-28 15:08:47
Security update for IBM Java (important)
2012-09-25 00:09:19
nessus
nessus
RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2012:1238)
2012-09-07 00:00:00
SuSE 11.2 Security Update : IBM Java (SAT Patch Number 6793)
2013-01-25 00:00:00
SuSE 10 Security Update : IBM Java (ZYPP Patch Number 8284)
2012-09-29 00:00:00
redhat
redhat
(RHSA-2012:1238) Critical: java-1.6.0-ibm security update
2012-09-06 00:00:00
(RHSA-2012:0734) Critical: java-1.6.0-sun security update
2012-06-13 00:00:00
(RHSA-2012:1019) Critical: java-1.7.0-oracle security update
2012-06-20 00:00:00
ibm
ibm
Potential security vulnerabilities with JavaTM SDKs
2018-06-17 14:07:58
Security bulletin: Potential security vulnerabilities in IBM DataQuant with JRE 6
2022-09-25 23:13:40
Security Bulletin: Multiple Vulnerabilities in Rational Synergy
2020-12-22 17:41:28
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2012-08-20 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00