Candidate: CVE-2012-4681 PublicDate: 2012-08-28 00:55:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4681 https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/ http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html http://seclists.org/oss-sec/2012/q3/308 http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-August/020065.html Description: Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class. Ubuntu-Description: Notes: mdeslaur> in lucid+, NetX and the plugin moved to the icedtea-web package tyhicks> Per oss-security thread, OpenJDK <= 7u4-b31 is also affected tyhicks> sbeattie verified that the openjdk vulnerability test does not work on openjdk-6 in precise Bugs: Priority: medium Discovered-by: Assigned-to: CVSS: Patches_sun-java6: upstream_sun-java6: needs-triage hardy_sun-java6: ignored (upstream version is not redistributable) lucid_sun-java6: DNE (removed from archive) natty_sun-java6: DNE (removed from archive) oneiric_sun-java6: DNE precise_sun-java6: DNE quantal_sun-java6: DNE devel_sun-java6: DNE Patches_sun-java5: upstream_sun-java5: needs-triage hardy_sun-java5: ignored (upstream sun-java5 is EoL) lucid_sun-java5: DNE natty_sun-java5: DNE oneiric_sun-java5: DNE precise_sun-java5: DNE quantal_sun-java5: DNE devel_sun-java5: DNE Patches_openjdk-6: upstream_openjdk-6: needs-triage hardy_openjdk-6: ignored (reached end-of-life) lucid_openjdk-6: not-affected natty_openjdk-6: not-affected oneiric_openjdk-6: not-affected precise_openjdk-6: not-affected (tested with exploit) quantal_openjdk-6: not-affected devel_openjdk-6: not-affected Patches_openjdk-6b18: upstream_openjdk-6b18: needs-triage hardy_openjdk-6b18: DNE lucid_openjdk-6b18: not-affected natty_openjdk-6b18: not-affected oneiric_openjdk-6b18: not-affected precise_openjdk-6b18: DNE quantal_openjdk-6b18: DNE devel_openjdk-6b18: DNE Patches_icedtea-web: upstream_icedtea-web: needs-triage hardy_icedtea-web: DNE lucid_icedtea-web: not-affected natty_icedtea-web: not-affected oneiric_icedtea-web: not-affected precise_icedtea-web: not-affected quantal_icedtea-web: not-affected devel_icedtea-web: not-affected Patches_openjdk-7: upstream_openjdk-7: needs-triage hardy_openjdk-7: DNE lucid_openjdk-7: DNE natty_openjdk-7: DNE oneiric_openjdk-7: released (7u9-2.3.3-0ubuntu1~11.10.1) precise_openjdk-7: not-affected (7u7-2.3.2-1ubuntu0.12.04.1) quantal_openjdk-7: not-affected (7u7-2.3.2-1ubuntu1) devel_openjdk-7: not-affected (7u7-2.3.2-1ubuntu1)