CVE-2012-4681

CVSS 2.0 Score 10 of 10 (high)

Details

Published: Aug 28, 2012
Updated: Jan 6, 2025

Summary

CVE-2012-4681 refers to multiple vulnerabilities in Oracle Java SE 7 Update 6 and earlier versions of the Java Runtime Environment (JRE). These vulnerabilities enable remote attackers to execute arbitrary code. They are exploited through a crafted applet that uses the com.sun.beans.finder.ClassFinder.findClass function and an exception with the forName method to access restricted classes in packages such as sun.awt.SunToolkit. Attackers can then leverage "reflection with a trusted immediate caller" to manipulate private fields, as observed in the wild in August 2012 using Gondzz.class and Gondvv.class.

Affected Products

  • Oracle Java Development Kit
  • Java Runtime Environment
  • Red Hat Enterprise Linux
  • Red Hat Enterprise Linux Workstation
  • Red Hat Enterprise Linux Server

Affected Vendors

  • Red Hat