CVE-2012-4681
Severity: CRITICAL | CISA KEV | CVSS 9.8
Description
Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.
CVE Details
CVSS v3.1 Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 8/28/2012
Last Modified: 10/22/2025
Source: kev
Honeypot Sightings: 0
CISA KEV
Vendor: Oracle
Product: Java SE
Vulnerability Name: Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
KEV Date Added: 2022-03-03
Remediation Due Date: 2022-03-24
Ransomware Use: Known
Affected Products
oracle:jdk
oracle:jre
redhat:enterprise_linux_desktop
redhat:enterprise_linux_eus
redhat:enterprise_linux_server
redhat:enterprise_linux_workstation
Weaknesses (CWE)
CWE-284 (Improper Access Control)
References
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html (vendor alert)
http://rhn.redhat.com/errata/RHSA-2012-1225.html (Red Hat erratum)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html (openSUSE advisory)
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html (openSUSE advisory)
http://www.us-cert.gov/cas/techalerts/TA12-240A.html (US-CERT technical alert)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-4681 (CISA KEV entry)
http://marc.info/?l=bugtraq&m=135109152819176&w=2 (Bugtraq)
http://secunia.com/advisories/51044 (Secunia advisory)
http://www.securityfocus.com/bid/55213 (SecurityFocus BID)
https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day (Rapid7 analysis)
http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html (FireEye analysis)
http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html (Immunity analysis)
http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/ (AlienVault analysis)
http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html (DeepEnd Research analysis)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.