Summary
This host is installed with Oracle Java SE JRE and is prone to multiple remote code execution vulnerabilities.
Impact
Successful exploitation allows remote attackers to bypass SecurityManager restrictions and execute arbitrary code.
Impact Level: System/Application
Solution
Apply the patch from the link below:
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
Insight
- SecurityManager restrictions can be bypassed using 'com.sun.beans.finder.ClassFinder.findClass' with the forName method to access restricted classes, and 'reflection with a trusted immediate caller' to access and modify private fields.
- Multiple unspecified vulnerabilities in the JRE component related to Beans sub-component.
Affected
Oracle Java SE versions 7 Update 6 and earlier
Severity
Classification
- CVE: CVE-2012-1682, CVE-2012-3136, CVE-2012-4681
- CVSS Base Score: 10.0
- CVSS Base Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C