VulDB: Oracle Java SE JRE up to 7 Update 4 Hotspot buffer overflow
General

scipID: 5547
Affected: Oracle Java SE JRE up to 7 Update 4
Published: 06/12/2012
Risk: critical
Entry: 86.1% complete
Created: 06/14/2012
Updated: 09/03/2012
Summary
A vulnerability classified as critical was found in Oracle Java SE JRE up to 7 Update 4. It affects an unknown function of the Hotspot component. Manipulation with an unknown input leads to a buffer overflow, which impacts confidentiality, integrity, and availability.
The weakness was disclosed on 06/12/2012 as a bulletin. The advisory is available for download at oracle.com. The public release was coordinated with Oracle. This vulnerability has been uniquely identified as CVE-2012-1725 since 03/16/2012. Technical details are unknown, but a private exploit is available.
Applying a patch eliminates this problem. The bugfix is available for download at oracle.com. A possible mitigation was published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (82878) and Secunia (SA49472). Further details are available at support.apple.com.
CVSS
Base Score: 7.4 (CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Adjacent | Medium | Single | Complete | Complete | Complete |
Exploiting
Class: Buffer overflow
Local: Yes
Remote: No
Availability: Yes
Access: Private
Countermeasures
Recommended: Patch
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Patch: oracle.com
Timeline
03/16/2012 | CVE assigned
06/12/2012 | Advisory disclosed
06/12/2012 | Countermeasure disclosed
06/12/2012 | OSVDB entry created
06/14/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: oracle.com
Coordinated: Yes
OSVDB: 82878
CVE: CVE-2012-1725 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49472
Misc.: support.apple.com