VulDB: Oracle Java SE JRE up to 7 Update 4 Deployment buffer overflow
General
scipID: 5550
Affected: Oracle Java SE JRE up to 7 Update 4
Published: 06/12/2012
Risk: 
critical
Entry: 87% complete
Created: 06/14/2012
Updated: 09/03/2012
Summary
A vulnerability classified as critical has been found in Oracle Java SE JRE up to 7 Update 4. Affected is an unknown function of the component Deployment. The manipulation with an unknown input leads to a buffer overflow vulnerability. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was published 06/12/2012 as bulletin. The advisory is shared for download at oracle.com. The public release has been coordinated with the vendor. This vulnerability is traded as CVE-2012-1721 since 03/16/2012. It is possible to launch the attack remotely. Technical details are unknown but a private exploit is available.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at oracle.com. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (82875) and Secunia (SA49472). Further details are available at support.apple.com.CVSS
Base Score: 8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Buffer overflow
Local: No
Remote: Yes
Availability: Yes
Access: Private
Countermeasures
Recommended: Patch
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Patch: oracle.com
Timeline
03/16/2012 | CVE assigned
06/12/2012 | Advisory disclosed
06/12/2012 | Countermeasure disclosed
06/12/2012 | OSVDB entry created
06/14/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: oracle.com
Coordinated: Yes
OSVDB: 82875
CVE: CVE-2012-1721 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49472
Misc.: support.apple.com
