Lucene search
Vitaliy ToropovZDI-13-013HistoryFeb 11, 2013 - 12:00 a.m.
Oracle Java JavaFX WCMediaPlayer Remote Code Execution Vulnerability
2013-02-1100:00:00
Vitaliy Toropov
www.zerodayinitiative.com
18
EPSS
0.029
Percentile
90.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JavaFX WCMediaPlayer class. All WCMediaPlayer’s private native methods are accessible from descendant classes through corresponding protected methods. A value utilized by these native functions can be controlled by the class constructor and can be set to an arbitrary memory pointer to cause memory corruption. An attacker could leverage this to gain remote code execution under the context of the process.
Related
cvelist
cvelist
CVE-2012-1543
2013-02-02 00:00:00
zdi
zdi
Oracle Java JavaFX WCGraphicsManager Remote Code Execution Vulnerability
2013-02-11 00:00:00
ubuntucve
ubuntucve
CVE-2012-1543
2013-02-02 00:00:00
nvd
nvd
CVE-2012-1543
2013-02-02 00:55:01
prion
prion
Design/Logic Flaw
2013-02-02 00:55:00
cve
cve
CVE-2012-1543
2013-02-02 00:55:01
cert
cert
Oracle Java contains multiple vulnerabilities
2013-02-01 00:00:00
nessus
nessus
Oracle Java SE Multiple Vulnerabilities (February 2013 CPU)
2013-02-04 00:00:00
Oracle Java SE Multiple Vulnerabilities (February 2013 CPU) (Unix)
2013-02-22 00:00:00
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2013-03-19 00:00:00
