CVE-2012-4681

Severity

99%

Complexity

99%

Confidentiality

165%

Per: http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html '7 Update 6 and before'

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

Per: http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html '7 Update 6 and before'

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 12 years ago

2012-08-28 00:55:00

Last updated 7 years ago

2017-08-05 01:29:00

Affected Software

Oracle JDK 1.6.0 Update 22

1.6.0

Oracle JDK 1.6.0 Update 23

1.6.0

Oracle JDK 1.6.0 Update 24

1.6.0

Oracle JDK 1.6.0 Update 25

1.6.0

Oracle JDK 1.6.0 Update 26

1.6.0

Oracle JDK 1.6.0 Update 27

1.6.0

Oracle JDK 1.6.0 Update 29

1.6.0

Oracle JDK 1.6.0 Update 30

1.6.0

Oracle JDK 1.6.0 Update 31

1.6.0

Oracle JDK 1.6.0 Update 32

1.6.0

Oracle JDK 1.6.0 Update 33

1.6.0

Oracle JDK 1.6.0 Update 34

1.6.0

Oracle JRE 1.6.0 Update 22

1.6.0

Oracle JRE 1.6.0 Update 23

1.6.0

Oracle JRE 1.6.0 Update 24

1.6.0

Oracle JRE 1.6.0 Update 25

1.6.0

Oracle JRE 1.6.0 Update 26

1.6.0

Oracle JRE 1.6.0 Update 27

1.6.0

Oracle JRE 1.6.0 Update 29

1.6.0

Oracle JRE 1.6.0 Update 30

1.6.0

Oracle JRE 1.6.0 Update 31

1.6.0

Oracle JRE 1.6.0 Update 32

1.6.0

Oracle JRE 1.6.0 Update 33

1.6.0

Oracle JRE 1.6.0 Update 34

1.6.0

Sun JDK 6 Update 1

1.6.0

Sun JDK 1.6.0_01-b06

1.6.0

Sun JDK 6 Update 2

1.6.0

Sun JDK 1.6.0 Update 10

1.6.0

Sun JDK 1.6.0 Update 11

1.6.0

Sun JDK 1.6.0 Update 12

1.6.0

Sun JDK 1.6.0 Update 13

1.6.0

Sun JDK 1.6.0 Update 14

1.6.0

Sun JDK 1.6.0 Update 15

1.6.0

Sun JDK 1.6.0 Update 16

1.6.0

Sun JDK 1.6.0 Update 17

1.6.0

Sun JDK 1.6.0 Update 18

1.6.0

Sun JDK 1.6.0 Update 19

1.6.0

Sun JDK 1.6.0 Update 3

1.6.0

Sun JDK 1.6.0 Update 4

1.6.0

Sun JDK 1.6.0 Update 5

1.6.0

Sun JDK 1.6.0 Update 6

1.6.0

Sun JDK 1.6.0 Update 7

1.6.0

Sun Jdk Update20 1.6.0.200

1.6.0.200

Sun Jdk Update21 1.6.0.210

1.6.0.210

Sun JRE 1.6.0

1.6.0

Sun JRE 1.6.0 Update 1

1.6.0

Sun JRE 1.6.0 Update 10

1.6.0

Sun JRE 1.6.0 Update 11

1.6.0

Sun JRE 1.6.0 Update 12

1.6.0

Sun JRE 1.6.0 Update 13

1.6.0

Sun JRE 1.6.0 Update 14

1.6.0

Sun JRE 1.6.0 Update 15

1.6.0

Sun JRE 1.6.0 Update 16

1.6.0

Sun JRE 1.6.0 Update 17

1.6.0

Sun JRE 1.6.0 Update 18

1.6.0

Sun JRE 1.6.0 Update 19

1.6.0

Sun JRE 1.6.0 Update 2

1.6.0

Sun JRE 1.6.0 Update 20

1.6.0

Sun JRE 1.6.0 Update 21

1.6.0

Sun JRE 1.6.0 Update 3

1.6.0

Sun JRE 1.6.0 Update 4

1.6.0

Sun JRE 1.6.0 Update 5

1.6.0

Sun JRE 1.6.0 Update 6

1.6.0

Sun JRE 1.6.0 Update 7

1.6.0

Oracle JDK 1.7.0

1.7.0

Oracle JDK 1.7.0 update1

1.7.0

Oracle JDK 1.7.0 update2

1.7.0

Oracle JDK 1.7.0 update3

1.7.0

Oracle JDK 1.7.0 Update 4

1.7.0

Oracle JDK 1.7.0 Update 5

1.7.0

Oracle JRE 1.7.0

1.7.0

Oracle JRE 1.7.0 update1

1.7.0

Oracle JRE 1.7.0 update2

1.7.0

Oracle JRE 1.7.0 update3

1.7.0

Oracle JRE 1.7.0 Update 4

1.7.0

Oracle JRE 1.7.0 Update 5

1.7.0

Oracle JRE

Sun JDK 1.4.2

1.4.2

Sun JDK 1.4.2_1

1.4.2_1

Sun JDK 1.4.2_2

1.4.2_2

Sun JDK 1.4.2_3

1.4.2_3

Sun JDK 1.4.2_4

1.4.2_4

Sun JDK 1.4.2_5

1.4.2_5

Sun JDK 1.4.2_6

1.4.2_6

Sun JDK 1.4.2_7

1.4.2_7

Sun JDK 1.4.2_8

1.4.2_8

Sun JDK 1.4.2_9

1.4.2_9

Sun JDK 1.4.2_10

1.4.2_10

Sun JDK 1.4.2_11

1.4.2_11

Sun JDK 1.4.2_12

1.4.2_12

Sun JDK 1.4.2_13

1.4.2_13

Sun JDK 1.4.2_14

1.4.2_14

Sun JDK 1.4.2_15

1.4.2_15

Sun JDK 1.4.2_16

1.4.2_16

Sun JDK 1.4.2_17

1.4.2_17

Sun JDK 1.4.2_18

1.4.2_18

Sun JDK 1.4.2_19

1.4.2_19

Sun JDK 1.4.2_22

1.4.2_22

Sun JDK 1.4.2_23

1.4.2_23

Sun JDK 1.4.2_25

1.4.2_25

Sun JDK 1.4.2_26

1.4.2_26

Sun JDK 1.4.2_27

1.4.2_27

Sun JDK 1.4.2_28

1.4.2_28

Sun JDK 1.4.2_29

1.4.2_29

Sun JDK 1.4.2_30

1.4.2_30

Sun JDK 1.4.2_31

1.4.2_31

Sun JDK 1.4.2_32

1.4.2_32

Sun JDK 1.4.2_33

1.4.2_33

Sun JDK 1.4.2_34

1.4.2_34

Sun JDK 1.4.2_35

1.4.2_35

Sun JDK 1.4.2_36

1.4.2_36

Sun JDK 1.4.2_37

1.4.2_37

Sun JRE 1.4.2_1

1.4.2_1

Sun JRE 1.4.2_2

1.4.2_2

Sun JRE 1.4.2_3

1.4.2_3

Sun JRE 1.4.2_4

1.4.2_4

Sun JRE 1.4.2_5

1.4.2_5

Sun JRE 1.4.2_6

1.4.2_6

Sun JRE 1.4.2_7

1.4.2_7

Sun JRE 1.4.2_8

1.4.2_8

Sun JRE 1.4.2_9

1.4.2_9

Sun JRE 1.4.2_10

1.4.2_10

Sun JRE 1.4.2_11

1.4.2_11

Sun JRE 1.4.2_12

1.4.2_12

Sun JRE 1.4.2_13

1.4.2_13

Sun JRE 1.4.2_14

1.4.2_14

Sun JRE 1.4.2_15

1.4.2_15

Sun JRE 1.4.2_16

1.4.2_16

Sun JRE 1.4.2_17

1.4.2_17

Sun JRE 1.4.2_18

1.4.2_18

Sun JRE 1.4.2_19

1.4.2_19

Sun JRE 1.4.2_20

1.4.2_20

Sun JRE 1.4.2_21

1.4.2_21

Sun JRE 1.4.2_22

1.4.2_22

Sun JRE 1.4.2_23

1.4.2_23

Sun JRE 1.4.2_24

1.4.2_24

Sun JRE 1.4.2_25

1.4.2_25

Sun JRE 1.4.2_26

1.4.2_26

Sun JRE 1.4.2_27

1.4.2_27

Sun JRE 1.4.2_28

1.4.2_28

Sun JRE 1.4.2_29

1.4.2_29

Sun JRE 1.4.2_30

1.4.2_30

Sun JRE 1.4.2_31

1.4.2_31

Sun JRE 1.4.2_32

1.4.2_32

Sun JRE 1.4.2_33

1.4.2_33

Sun JRE 1.4.2_34

1.4.2_34

Sun JRE 1.4.2_35

1.4.2_35

Sun JRE 1.4.2_36

1.4.2_36

Sun JRE 1.4.2_37

1.4.2_37

Sun JDK 1.5.0

1.5.0

Sun JDK 5.0 Update1

1.5.0

Sun JDK 5.0 Update10

1.5.0

Sun JDK 5.0 Update11

1.5.0

Sun JDK 1.5.0_11 b03

1.5.0

Sun JDK 5.0 Update12

1.5.0

Sun JDK 5.0 Update 13

1.5.0

Sun JDK 5.0 Update 14

1.5.0

Sun JDK 5.0 Update 15

1.5.0

Sun JDK 5.0 Update 16

1.5.0

Sun JDK 5.0 Update 17

1.5.0

Sun JDK 5.0 Update 18

1.5.0

Sun JDK 5.0 Update 19

1.5.0

Sun JDK 5.0 Update2

1.5.0

Sun JDK 5.0 Update 20

1.5.0

Sun JDK 5.0 Update 21

1.5.0

Sun JDK 5.0 Update 22

1.5.0

Sun JDK 5.0 Update 23

1.5.0

Sun JDK 5.0 Update 24

1.5.0

Sun JDK 5.0 Update 25

1.5.0

Sun JDK 5.0 Update 26

1.5.0

Sun JDK 5.0 Update 27

1.5.0

Sun JDK 5.0 Update 28

1.5.0

Sun JDK 5.0 Update 29

1.5.0

Sun JDK 5.0 Update3

1.5.0

Sun JDK 5.0 Update 31

1.5.0

Sun JDK 1.5.0_33 (JDK 5.0 Update 33)

1.5.0

Sun JDK 5.0 Update4

1.5.0

Sun JDK 5.0 Update5

1.5.0

Sun JDK 1.5.0_6

1.5.0

Sun JDK 5.0 Update7

1.5.0

Sun JDK 1.5 _07-b03

1.5.0

Sun JDK 5.0 Update8

1.5.0

Sun JDK 5.0 Update9

1.5.0

Sun JRE 1.5.0

1.5.0

Sun JRE 1.5.0_1 (JRE 5.0 Update 1)

1.5.0

Sun JRE 1.5.0_10 (JRE 5.0 Update 10)

1.5.0

Sun JRE 1.5.0_11 (JRE 5.0 Update 11)

1.5.0

Sun JRE 1.5.0_12 (JRE 5.0 Update 12)

1.5.0

Sun JRE 1.5.0_13 (JRE 5.0 Update 13)

1.5.0

Sun JRE 1.5.0_14 (JRE 5.0 Update 14)

1.5.0

Sun JRE 1.5.0_15 (JRE 5.0 Update 15)

1.5.0

Sun JRE 1.5.0_16 (JRE 5.0 Update 16)

1.5.0

Sun JRE 1.5.0_17 (JRE 5.0 Update 17)

1.5.0

Sun JRE 1.5.0_18 (JRE 5.0 Update 18)

1.5.0

Sun JRE 1.5.0_19 (JRE 5.0 Update 19)

1.5.0

Sun JRE 1.5.0_2 (JRE 5.0 Update 2)

1.5.0

Sun JRE 1.5.0_20 (JRE 5.0 Update 20)

1.5.0

Sun JRE 1.5.0_21 (JRE 5.0 Update 21)

1.5.0

Sun JRE 1.5.0_22 (JRE 5.0 Update 22)

1.5.0

Sun JRE 1.5.0_23 (JRE 5.0 Update 23)

1.5.0

Sun JRE 1.5.0_24 (JRE 5.0 Update 24)

1.5.0

Sun JRE 1.5.0_25 (JRE 5.0 Update 25)

1.5.0

Sun JRE 1.5.0_26 (JRE 5.0 Update 26)

1.5.0

Sun JRE 1.5.0_27 (JRE 5.0 Update 27)

1.5.0

Sun JRE 1.5.0_28 (JRE 5.0 Update 28)

1.5.0

Sun JRE 1.5.0_29 (JRE 5.0 Update 29)

1.5.0

Sun JRE 1.5.0_3 (JRE 5.0 Update 3)

1.5.0

Sun JRE 1.5.0_31 (JRE 5.0 Update 31)

1.5.0

Sun JRE 1.5.0_33 (JRE 5.0 Update 33)

1.5.0

Sun JRE 1.5.0_4 (JRE 5.0 Update 4)

1.5.0

Sun JRE 1.5.0_5 (JRE 5.0 Update 5)

1.5.0

Sun JRE 1.5.0_6 (JRE 5.0 Update 6)

1.5.0

Sun JRE 1.5.0_7 (JRE 5.0 Update 7)

1.5.0

Sun JRE 1.5.0_8 (JRE 5.0 Update 8)

1.5.0

Sun JRE 1.5.0_9 (JRE 5.0 Update 9)

1.5.0

References

http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html

http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html

http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/

Exploit

SUSE-SU-2012:1231

SUSE-SU-2012:1398

SSRT100970

RHSA-2012:1225

51044

http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html

http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

55213

TA12-240A

US Government Resource

https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.