CVE-2012-4681
CVSS 2.0 Score 10 of 10 (high)
Details
Summary
CVE-2012-4681 refers to multiple vulnerabilities in Oracle Java SE 7 Update 6 and earlier versions of the Java Runtime Environment (JRE) that enable remote attackers to execute arbitrary code. They are exploited through a crafted applet that uses the com.sun.beans.finder.ClassFinder.findClass function and leverages an exception with the forName method to access restricted classes in packages such as sun.awt.SunToolkit. Attackers can then leverage "reflection with a trusted immediate caller" to manipulate private fields, as observed in the wild in August 2012 using Gondzz.class and Gondvv.class.
Affected Products
- Oracle Java Development Kit
- Java Runtime Environment
- Red Hat Enterprise Linux
- Red Hat Enterprise Linux Workstation
- Red Hat Enterprise Linux Server
Affected Vendors
- Red Hat