Vulnerability detail

Vendor

Oracle

Product

Java SE

Published

Aug 28, 2012

EPSS

—

Description

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

SSVC decision points

Exploitation

active

Automatable

Yes

Technical impact

total

References

• http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
• http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
• http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html
• http://www.us-cert.gov/cas/techalerts/TA12-240A.html
• http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/
• http://marc.info/?l=bugtraq&m=135109152819176&w=2
• https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day
• http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html
• http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
• http://rhn.redhat.com/errata/RHSA-2012-1225.html
• http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html
• http://secunia.com/advisories/51044
• http://marc.info/?l=bugtraq&m=135109152819176&w=2
• http://www.securityfocus.com/bid/55213

Potential proof of concepts