This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the java.beans.Expression class. Due to unsafe handling of reflection of privileged classes inside the Expression class it is possible for untrusted code to gain access to privileged methods and properties. This can result in remote code execution under the context of the current process.

References

www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

openvas 56

redhat 7

oraclelinux 3

nessus 37

suse 5

centos 3

fedora 13

cisa 1

saint 4

threatpost 13

thn 4

metasploit 1

canvas 1

attackerkb 3

cisa_kev 1

securityvulns 2

cve 5

freebsd 1

checkpoint_advisories 2

ubuntucve 4

myhack58 1

prion 4

cert 1

seebug 1

amazon 1

ubuntu 1

securelist 1

veracode 22

gentoo 1

openvas

Oracle Java SE JRE Multiple Remote Code Execution Vulnerabilities - Windows

2012-09-03 00:00:00

Oracle Java SE JRE Multiple Remote Code Execution Vulnerabilities - (Windows)

2012-09-03 00:00:00

CentOS Update for java CESA-2012:1223 centos6

2012-09-04 00:00:00

redhat

(RHSA-2012:1225) Critical: java-1.7.0-oracle security update

2012-09-04 00:00:00

(RHSA-2012:1223) Important: java-1.7.0-openjdk security update

2012-09-03 00:00:00

(RHSA-2012:1222) Important: java-1.6.0-openjdk security update

2012-09-03 00:00:00

oraclelinux

java-1.7.0-openjdk security update

2012-09-03 00:00:00

java-1.6.0-openjdk security update

2012-09-03 00:00:00

java-1.6.0-openjdk security update

2012-09-03 00:00:00

nessus

RHEL 6 : java-1.7.0-openjdk (RHSA-2012:1223)

2012-09-04 00:00:00

Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20120903)

2012-09-05 00:00:00

Oracle Java JDK / JRE 6 < Update 35 Multiple Vulnerabilities

2013-02-22 00:00:00

suse

java-1_7_0-openjdk: security fix for remote exploit (critical)

2012-09-12 19:08:39

Security update for OpenJDK (critical)

2012-09-12 06:08:36

java-1_6_0-openjdk: icedtea-web update to 1.11.4 (bnc#) (critical)

2012-09-14 14:13:53

centos

java security update

2012-09-03 14:37:23

java security update

2012-09-03 14:36:46

java security update

2012-09-03 14:26:49

fedora

[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.fc17

2013-06-20 02:29:10

[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.6-2.3.1.fc17.2

2012-09-03 22:53:20

[SECURITY] Fedora 18 Update: java-1.7.0-openjdk-1.7.0.6-2.3.1.fc18.2

2012-09-17 22:40:47

cisa

US-CERT Releases Oracle Java JRE 1.7 Security Advisory

2012-08-28 00:00:00

saint

Oracle Java findMethod findClass Security Bypass

2012-08-30 00:00:00

Oracle Java findMethod findClass Security Bypass

2012-08-30 00:00:00

Oracle Java findMethod findClass Security Bypass

2012-08-30 00:00:00

threatpost

Computer Virus Blacks Out Qatari Gas Producer

2012-08-30 16:48:35

Nasty New Java Zero Day Found; Exploit Kits Already Have It

2013-01-10 15:15:21

Oracle Releases Fix For Java CVE-2012-4681 Flaw

2012-08-30 18:12:34

thn

Exploit Packs updated with New Java Zero-Day vulnerability

2013-01-10 18:09:00

Oracle releases patches for Java vulnerability CVE-2012-4681

2012-08-31 22:39:00

Exploit Packs updated with New Java Zero-Day vulnerability

2013-01-10 07:09:00

metasploit

Java 7 Applet Remote Code Execution

2012-08-27 09:25:04

canvas

Immunity Canvas: JAVA_FORNAME_GETFIELD

2012-08-28 00:55:00

attackerkb

Java 7 Applet Remote Code Execution

2012-08-28 00:00:00

CVE-2012-4681

2012-08-28 00:00:00

CVE-2013-0422

2013-01-10 00:00:00

cisa_kev

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

2022-03-03 00:00:00

securityvulns

Java environment limitations bypass

2012-09-02 00:00:00

[SE-2012-01] New security issue affecting Java SE 7 Update 7

2012-09-02 00:00:00

cve

CVE-2012-4681

2012-08-28 00:55:00

CVE-2012-3539

2012-08-28 16:55:00

CVE-2012-1682

2012-08-30 23:55:00

freebsd

Java 1.7 -- security manager bypass

2012-08-27 00:00:00

checkpoint_advisories

Java 7 Applet RCE Gondvv (CVE-2012-4681)

2012-08-28 00:00:00

Preemptive Protection against Oracle JRE Restrictions Bypass Remote Code Execution (CVE-2012-4681)

2012-10-01 00:00:00

ubuntucve

CVE-2012-4681

2012-08-28 00:00:00

CVE-2012-3136

2012-08-30 00:00:00

CVE-2012-1682

2012-09-03 00:00:00

myhack58

The New Year initial, Java break first 0day-vulnerability warning-the black bar safety net

2013-01-11 00:00:00

prion

Design/Logic Flaw

2012-08-28 00:55:00

Design/Logic Flaw

2012-08-30 23:55:00

Design/Logic Flaw

2012-08-30 23:55:00

cert

Oracle Java JRE 1.7 Expression.execute() and SunToolkit.getField() fail to restrict access to privileged code

2012-08-27 00:00:00

seebug

Oracle Sun JRE 1.x 远程JRE漏洞

2012-09-04 00:00:00

amazon

Important: java-1.6.0-openjdk

2012-09-04 10:22:00

ubuntu

OpenJDK 6 vulnerabilities

2012-09-03 00:00:00

securelist

Investigation Report for the September 2014 Equation malware detection incident in the US

2017-11-16 10:00:34

veracode

Arbitrary Code Execution

2019-05-02 04:41:05

Arbitrary Code Execution

2019-05-02 04:41:05

Authorization Bypass

2019-05-02 04:41:06

gentoo

Oracle JRE/JDK: Multiple vulnerabilities

2014-01-27 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

Related for ZDI-12-197