VulDB: Oracle Java SE JRE up to 7 Update 4 Deployment buffer overflow
General
scipID: 5549
Affected: Oracle Java SE JRE up to 7 Update 4
Published: 06/12/2012
Risk: 
critical
Entry: 87% complete
Created: 06/14/2012
Updated: 09/03/2012
Summary
A vulnerability was found in Oracle Java SE JRE up to 7 Update 4 and classified as critical. This issue affects an unknown function of the component Deployment. The manipulation with an unknown input leads to a buffer overflow vulnerability. Impacted is confidentiality, integrity, and availability.
The weakness was shared 06/12/2012 as bulletin. The advisory is shared for download at oracle.com. The vendor cooperated in the coordination of the public release. The identification of this vulnerability is CVE-2012-1722 since 03/16/2012. The attack may be initiated remotely. Technical details are unknown but a private exploit is available.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at oracle.com. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (82876) and Secunia (SA49472). support.apple.com is providing further details.CVSS
Base Score: 8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Buffer overflow
Local: No
Remote: Yes
Availability: Yes
Access: Private
Countermeasures
Recommended: Patch
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Patch: oracle.com
Timeline
03/16/2012 | CVE assigned
06/12/2012 | Advisory disclosed
06/12/2012 | Countermeasure disclosed
06/12/2012 | OSVDB entry created
06/14/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: oracle.com
Coordinated: Yes
OSVDB: 82876
CVE: CVE-2012-1722 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49472
Misc.: support.apple.com
- Latest Entries
- EMC RSA Authentication API Encryption Key information disclosure
- Cisco Secure Access Control System Web Interface weak authentication
- Python ssl.match_hostname() denial of service
- Mozilla Firefox/Thunderbird nsContentUtils::RemoveScriptBlocker buffer overflow
- Mozilla Firefox/Thunderbird nsFrameList::FirstChild buffer overflow
- Statistics
- Archive
