CVE-2012-4681 vulnerability in Sun and Other Products
Published on August 28, 2012

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

Vendor Advisory NVD

Known Exploited Vulnerability

This Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. The Java Runtime Environment (JRE) component in Oracle Java SE allow for remote code execution.

The following remediation steps are recommended / required by March 24, 2022: Apply updates per vendor instructions.

Vulnerability Analysis

Products Associated with CVE-2012-4681

You can be notified by stack.watch whenever vulnerabilities like CVE-2012-4681 are published in these products:

Sun Jdk

Sun Jre

Oracle Java Runtime Environment (JRE)

Oracle Java Development Kit (JDK)

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Server

Red Hat Enterprise Linux Workstation

Red Hat Enterprise Linux Eus

What versions are vulnerable to CVE-2012-4681?

Oracle Java Development Kit (JDK) Version 1.7.0 update6
Oracle Java Runtime Environment (JRE) Version 1.7.0 update6
Oracle Java Development Kit (JDK) Version 1.7.0 update5
Oracle Java Runtime Environment (JRE) Version 1.7.0 update3
Oracle Java Development Kit (JDK) Version 1.7.0 update2
Oracle Java Runtime Environment (JRE) Version 1.7.0 update2
Oracle Java Development Kit (JDK) Version 1.7.0 update3
Oracle Java Runtime Environment (JRE) Version 1.7.0 update5
Oracle Java Runtime Environment (JRE) Version 1.7.0 update4
Oracle Java Development Kit (JDK) Version 1.7.0 update1
Oracle Java Development Kit (JDK) Version 1.7.0 update4
Oracle Java Runtime Environment (JRE) Version 1.7.0 update1
Oracle Java Development Kit (JDK) Version 1.6.0 -
Oracle Java Development Kit (JDK) Version 1.6.0 update10
Oracle Java Development Kit (JDK) Version 1.6.0 update33
Oracle Java Development Kit (JDK) Version 1.6.0 update25
Oracle Java Development Kit (JDK) Version 1.6.0 update29
Oracle Java Development Kit (JDK) Version 1.6.0 update31
Oracle Java Development Kit (JDK) Version 1.6.0 update27
Oracle Java Development Kit (JDK) Version 1.6.0 update12
Oracle Java Development Kit (JDK) Version 1.6.0 update13
Oracle Java Development Kit (JDK) Version 1.6.0 update14
Oracle Java Development Kit (JDK) Version 1.6.0 update24
Oracle Java Development Kit (JDK) Version 1.6.0 update23
Oracle Java Development Kit (JDK) Version 1.6.0 update22
Oracle Java Development Kit (JDK) Version 1.6.0 update32
Oracle Java Development Kit (JDK) Version 1.6.0 update26
Oracle Java Development Kit (JDK) Version 1.6.0 update34
Oracle Java Development Kit (JDK) Version 1.6.0 update30
Oracle Java Development Kit (JDK) Version 1.6.0 update11
Oracle Java Development Kit (JDK) Version 1.6.0 update1
Oracle Java Development Kit (JDK) Version 1.6.0 update2
Oracle Java Development Kit (JDK) Version 1.6.0 update3
Oracle Java Development Kit (JDK) Version 1.6.0 update4
Oracle Java Development Kit (JDK) Version 1.6.0 update5
Oracle Java Development Kit (JDK) Version 1.6.0 update7
Oracle Java Development Kit (JDK) Version 1.6.0 update6
Oracle Java Runtime Environment (JRE) Version 1.6.0 update30
Oracle Java Runtime Environment (JRE) Version 1.6.0 update32
Oracle Java Runtime Environment (JRE) Version 1.6.0 update25
Oracle Java Runtime Environment (JRE) Version 1.6.0 update33
Oracle Java Runtime Environment (JRE) Version 1.6.0 update24
Oracle Java Runtime Environment (JRE) Version 1.6.0 update26
Oracle Java Runtime Environment (JRE) Version 1.6.0 update27
Oracle Java Runtime Environment (JRE) Version 1.6.0 update22
Oracle Java Runtime Environment (JRE) Version 1.6.0 update31
Oracle Java Runtime Environment (JRE) Version 1.6.0 update23
Oracle Java Runtime Environment (JRE) Version 1.6.0 update34
Oracle Java Runtime Environment (JRE) Version 1.6.0 update29
Oracle Java Runtime Environment (JRE) Version 1.7.0 -
Oracle Java Runtime Environment (JRE) Version 1.6.0 -
Oracle Java Runtime Environment (JRE) Version 1.6.0 update1
Oracle Java Runtime Environment (JRE) Version 1.6.0 update10
Oracle Java Runtime Environment (JRE) Version 1.6.0 update11
Oracle Java Runtime Environment (JRE) Version 1.6.0 update12
Oracle Java Runtime Environment (JRE) Version 1.6.0 update13
Oracle Java Runtime Environment (JRE) Version 1.6.0 update14
Oracle Java Runtime Environment (JRE) Version 1.6.0 update15
Oracle Java Runtime Environment (JRE) Version 1.6.0 update16
Oracle Java Runtime Environment (JRE) Version 1.6.0 update17
Oracle Java Runtime Environment (JRE) Version 1.6.0 update18
Oracle Java Runtime Environment (JRE) Version 1.6.0 update19
Oracle Java Runtime Environment (JRE) Version 1.6.0 update2
Oracle Java Runtime Environment (JRE) Version 1.6.0 update20
Oracle Java Runtime Environment (JRE) Version 1.6.0 update21
Oracle Java Runtime Environment (JRE) Version 1.6.0 update3
Oracle Java Runtime Environment (JRE) Version 1.6.0 update5
Oracle Java Runtime Environment (JRE) Version 1.6.0 update4
Oracle Java Runtime Environment (JRE) Version 1.6.0 update6
Oracle Java Runtime Environment (JRE) Version 1.6.0 update7
Oracle Java Runtime Environment (JRE) Version 1.6.0 update9
Oracle Java Development Kit (JDK) Version 1.6.0 update15
Oracle Java Development Kit (JDK) Version 1.6.0 update16
Oracle Java Development Kit (JDK) Version 1.6.0 update17
Oracle Java Development Kit (JDK) Version 1.6.0 update18
Oracle Java Development Kit (JDK) Version 1.6.0 update19
Oracle Java Development Kit (JDK) Version 1.6.0 update20
Oracle Java Development Kit (JDK) Version 1.6.0 update21
Oracle Java Development Kit (JDK) Version 1.6.0 update8
Oracle Java Development Kit (JDK) Version 1.6.0 update9
Oracle Java Development Kit (JDK) Version 1.7.0 -

Red Hat Enterprise Linux Desktop Version 6.0
Red Hat Enterprise Linux Server Version 6.0
Red Hat Enterprise Linux Workstation Version 6.0
Red Hat Enterprise Linux Eus Version 6.3

CVE-2012-4681 vulnerability in Sun and Other ProductsPublished on August 28, 2012

Known Exploited Vulnerability

Vulnerability Analysis

Products Associated with CVE-2012-4681

What versions are vulnerable to CVE-2012-4681?

CVE-2012-4681 vulnerability in Sun and Other Products
Published on August 28, 2012