Back to KEVs

CVE-2012-4681

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute...

Basic Information

CVE State: PUBLISHED
Reserved Date: August 27, 2012
Published Date: August 28, 2012
Last Updated: February 10, 2025
Vendor: n/a
Product: n/a
Description: Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2022-03-03 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2014-09-26 02:33:24 UTC) Source

References

http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html http://www.us-cert.gov/cas/techalerts/TA12-240A.html http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/ http://marc.info/?l=bugtraq&m=135109152819176&w=2 https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html http://rhn.redhat.com/errata/RHSA-2012-1225.html http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html http://secunia.com/advisories/51044 http://marc.info/?l=bugtraq&m=135109152819176&w=2 http://www.securityfocus.com/bid/55213

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-03-03 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/java_jre17_exec.rb	2025-04-29 11:01:19 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

java_jre17_exec

Type: metasploit • Created: Unknown

Metasploit module for CVE-2012-4681

benjholla/CVE-2012-4681-Armoring

Type: github • Created: 2014-09-26 02:33:24 UTC • Stars: 1

An A/V evasion armoring experiment for CVE-2012-4681