CVE-2012-4681

{"id": "CVE-2012-4681", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-08-28T00:55:01.860", "references": [{"url": "http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/", "tags": ["Broken Link", "Exploit"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=135109152819176&w=2", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1225.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/51044", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/55213", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA12-240A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using \"reflection with a trusted immediate caller\" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class."}, {"lang": "es", "value": "Oracle Java 7 Update 6, y posiblemente otras versiones, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un applet manipulado, explotado como en la naturaleza, en agosto de 2012 utilizando Gondzz.class y Gondvv.class."}], "lastModified": "2022-12-21T15:28:09.200", "cisaActionDue": "2022-03-24", "cisaExploitAdd": "2022-03-03", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A420DA5-1346-446B-8D23-E1E6DDBE527E"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8CA8719-7ABE-4279-B49E-C414794A4FE1"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC92B7EC-849F-4255-9D55-43681B8DADC4"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ABC1045-7D3D-4A14-B994-7E60A4BB4C9C"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F3C1E65-929A-4468-8584-F086E6E59839"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42C95C1D-0C2E-4733-AB1B-65650D88995D"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47A9F499-D1E3-41BD-AC18-E8D3D3231C12"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D45B0D7E-BA0F-4AAA-A7BA-2ADA4CC90D94"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D58A3E4F-2409-440A-891E-0B84D79AB480"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FC2226B-CFEF-48A4-83EA-1F59F4AF7528"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F29DC78F-4D02-47B4-A955-32080B22356C"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81A4204E-6F50-45FB-A343-7A30C0CD6D3D"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6E07069-D6EE-4D44-94A6-CDCA4A50E6F9"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B151882-47C0-400E-BBAB-A949E6140C86"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update21:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DB4F19E-DFC4-42F4-87B9-32FB1C496649"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "301E96A3-AD2F-48F3-9166-571BD6F9FAE3"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C9215D9-DB64-4CEE-85E6-E247035EFB09"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "352509FE-54D9-4A59-98B7-96E5E98BC2CF"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3EC13D3-4CE7-459C-A7D7-7D38C1284720"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CDCD1B4-C5F3-4188-B05F-23922F7DE517"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update27:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1824DA2D-26D5-4595-8376-8E41AB8C5E52"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update29:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B72F78B7-10D1-49CF-AC4D-3B10921CB633"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "344FA3EA-9E25-493C-976A-211D1404B251"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update30:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60D05860-9424-4727-B583-74A35BC9BDFD"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update31:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F85DB431-FEA4-42E7-AC29-6B66174DCD9E"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update32:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB7E911C-C780-440A-ABFF-CCE09061BB4F"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update33:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0381EE39-2F60-49FD-A63A-B9E81C9033CB"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update34:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AD75455-B7F0-4F42-98E7-CAA43787D606"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D081A380-5AA4-4451-94A9-7B65810106E3"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "112E7575-A3A0-4A94-AD39-7B2325B150B8"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "708E8CEF-82EE-4D4B-ABF9-87AA4878F517"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5D9D9A7-8819-44A4-80AC-52D6B63A0C9B"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEB2C8A3-E0DC-46A3-BD82-8E45DA55ED0E"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64B5B16D-061A-438D-A8CF-9E63D6C748D7"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACABC935-5DD6-4F85-992E-70AD517EF41D"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6152036D-6421-4AE4-9223-766FE07B5A44"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D375CECB-405C-4E18-A7E8-9C5A2F97BD69"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52EEEA5A-E77C-43CF-A063-9D5C64EA1870"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "003746F6-DEF0-4D0F-AD97-9E335868E301"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF830E0E-0169-4B6A-81FF-2E9FCD7D913B"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BAE3670-0938-480A-8472-DFF0B3A0D0BF"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB864346-1429-46B5-A91E-A1126C486421"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F199B346-B95E-4DCA-B750-148A36D559BA"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D16229B8-1642-4C10-8650-A9CEA9D4C98C"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1714BDEF-6B0E-42BB-9510-3F9B52E170BC"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "830A3A51-F17A-4C61-8F5C-6A4582A64DA6"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DE0E496-719D-4CEF-837F-B060A898099F"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B02F361-0C64-4CB8-8DAD-A63F1A9CC025"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD4CC3E2-7BEA-4D8C-811C-C5012327A9AA"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F63A8AC-893D-4D75-B467-85E70B62541D"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7823AE6-CB18-47DE-8A4F-1F98394B7237"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "381EFA43-DB73-48EA-A4B1-F451EF60D845"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77C54E00-0197-4C87-9BFF-01A099AC3006"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64AD6007-EB92-4D0E-A0CB-8FFDDB61AA6D"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7415177F-A2FE-47AB-8D92-194A4F6D75C8"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update21:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52FA600C-08B6-4143-9C72-DB31E489DE3E"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF13B96D-1F80-4672-8DA3-F86F6D3BF070"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1A2D440-D966-41A6-955D-38B28DDE0FDB"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1C57774-AD93-4162-8E45-92B09139C808"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD7C4194-D34A-418F-9B00-5C6012844AAE"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAF7D86B-1B4D-4E1F-9EF0-DA7E419D7E99"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0B82FB1-0F0E-44F9-87AE-628517279E4D"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0A67640-2F4A-488A-9D8F-3FE1F4DA8DEF"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2752B83A-6DD2-4829-9E4F-42CDDCBC38C0"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D60D98D-4363-44A0-AAB4-B61BA623EE21"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update31:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23CDA4F0-C32B-4B08-A377-7D4426C2F569"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update32:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E76476E-4120-46A9-90A8-A95FE89636CD"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update33:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97A84689-0CED-404F-8DC3-708BEB37D2CE"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update34:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "738EC3E5-A4EB-47FE-9C9A-7C8E8C669765"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "964CCFD6-316A-48C6-9A6B-7CFD1A1FB027"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC8771D7-9531-4A1D-B2DE-FAA7A7549801"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C59C275-5964-4E5D-BE80-BA4EA34BEA62"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47C1922B-37E8-4009-97C7-B243F6F96704"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B3A8681-3EAC-4D02-811A-5FCCCC7B5635"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFAA351A-93CD-46A8-A480-CE2783CCD620"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4B153FD-E20B-4909-8B10-884E48F5B590"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5831D70B-3854-4CB8-B88D-40F1743DAEE0"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability"}