CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
94.4%
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX
2.2.4 and earlier allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors, a different vulnerability
than other CVEs listed in the February 2013 CPU. NOTE: the previous
information is from the February 2013 CPU. Oracle has not commented on
claims from a third party that the issue allows remote attackers to execute
arbitrary code via vectors related to an “invalid type cast” and exposed
native methods in the T2KGlyph class.
Author | Note |
---|---|
jdstrand | per Debian. JavaFX not part of OpenJDK |
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-February/021708.html
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-February/021728.html
www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
launchpad.net/bugs/cve/CVE-2012-4305
nvd.nist.gov/vuln/detail/CVE-2012-4305
security-tracker.debian.org/tracker/CVE-2012-4305
www.cve.org/CVERecord?id=CVE-2012-4305