CVE-2012-4681

Published: Aug 28, 2012Modified: Apr 21, 2026CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

Affected (85)

Products: Oracle: Jdk, Jre · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Workstation

2 products

4 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Workstation

Configuration A

81 vulnerable

Vulnerable Software	Affected Versions
Oracle Jdk	Version 1.6.0
Oracle Jdk	Version 1.6.0 update10
Oracle Jdk	Version 1.6.0 update11
Oracle Jdk	Version 1.6.0 update12
Oracle Jdk	Version 1.6.0 update13
Oracle Jdk	Version 1.6.0 update14
Oracle Jdk	Version 1.6.0 update15
Oracle Jdk	Version 1.6.0 update16
Oracle Jdk	Version 1.6.0 update17
Oracle Jdk	Version 1.6.0 update18
Oracle Jdk	Version 1.6.0 update19
Oracle Jdk	Version 1.6.0 update1
Oracle Jdk	Version 1.6.0 update20
Oracle Jdk	Version 1.6.0 update21
Oracle Jdk	Version 1.6.0 update22
Oracle Jdk	Version 1.6.0 update23
Oracle Jdk	Version 1.6.0 update24
Oracle Jdk	Version 1.6.0 update25
Oracle Jdk	Version 1.6.0 update26
Oracle Jdk	Version 1.6.0 update27
Oracle Jdk	Version 1.6.0 update29
Oracle Jdk	Version 1.6.0 update2
Oracle Jdk	Version 1.6.0 update30
Oracle Jdk	Version 1.6.0 update31
Oracle Jdk	Version 1.6.0 update32
Oracle Jdk	Version 1.6.0 update33
Oracle Jdk	Version 1.6.0 update34
Oracle Jdk	Version 1.6.0 update3
Oracle Jdk	Version 1.6.0 update4
Oracle Jdk	Version 1.6.0 update5
Oracle Jdk	Version 1.6.0 update6
Oracle Jdk	Version 1.6.0 update7
Oracle Jdk	Version 1.6.0 update8
Oracle Jdk	Version 1.6.0 update9
Oracle Jdk	Version 1.7.0
Oracle Jdk	Version 1.7.0 update1
Oracle Jdk	Version 1.7.0 update2
Oracle Jdk	Version 1.7.0 update3
Oracle Jdk	Version 1.7.0 update4
Oracle Jdk	Version 1.7.0 update5
Oracle Jdk	Version 1.7.0 update6
Oracle Jre	Version 1.6.0
Oracle Jre	Version 1.6.0 update10
Oracle Jre	Version 1.6.0 update11
Oracle Jre	Version 1.6.0 update12
Oracle Jre	Version 1.6.0 update13
Oracle Jre	Version 1.6.0 update14
Oracle Jre	Version 1.6.0 update15
Oracle Jre	Version 1.6.0 update16
Oracle Jre	Version 1.6.0 update17
Oracle Jre	Version 1.6.0 update18
Oracle Jre	Version 1.6.0 update19
Oracle Jre	Version 1.6.0 update1
Oracle Jre	Version 1.6.0 update20
Oracle Jre	Version 1.6.0 update21
Oracle Jre	Version 1.6.0 update22
Oracle Jre	Version 1.6.0 update23
Oracle Jre	Version 1.6.0 update24
Oracle Jre	Version 1.6.0 update25
Oracle Jre	Version 1.6.0 update26
Oracle Jre	Version 1.6.0 update27
Oracle Jre	Version 1.6.0 update29
Oracle Jre	Version 1.6.0 update2
Oracle Jre	Version 1.6.0 update30
Oracle Jre	Version 1.6.0 update31
Oracle Jre	Version 1.6.0 update32
Oracle Jre	Version 1.6.0 update33
Oracle Jre	Version 1.6.0 update34
Oracle Jre	Version 1.6.0 update3
Oracle Jre	Version 1.6.0 update4
Oracle Jre	Version 1.6.0 update5
Oracle Jre	Version 1.6.0 update6
Oracle Jre	Version 1.6.0 update7
Oracle Jre	Version 1.6.0 update9
Oracle Jre	Version 1.7.0
Oracle Jre	Version 1.7.0 update1
Oracle Jre	Version 1.7.0 update2
Oracle Jre	Version 1.7.0 update3
Oracle Jre	Version 1.7.0 update4
Oracle Jre	Version 1.7.0 update5
Oracle Jre	Version 1.7.0 update6

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 6.3
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Workstation	Version 6.0