VulDB: Oracle Java SE JRE up to 7 Update 4 2D buffer overflow
General

scipID: 5551
Affected: Oracle Java SE JRE up to 7 Update 4
Published: 06/12/2012
Risk: critical
Entry: 84.4% complete
Created: 06/14/2012
Updated: 09/03/2012
Summary
A vulnerability was found in Oracle Java SE JRE up to 7 Update 4. It has been declared as critical. It affects an unknown function of the component 2D. Manipulation with an unknown input leads to a buffer overflow. The impact is known to affect confidentiality, integrity, and availability.
The weakness was disclosed on 06/12/2012 as a bulletin. The advisory is available for download at oracle.com. The public release was coordinated with Oracle. This vulnerability has been known as CVE-2012-1713 since 03/16/2012. The attack can be launched remotely. Technical details are unknown, but a private exploit is available.
Applying a patch eliminates this problem. The bugfix is ready for download at oracle.com. A possible mitigation was published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (82874) and Secunia (SA49472).
CVSS
Base Score: 8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Network | Medium | Single | Complete | Complete | Complete |
CPE
- cpe:/a:oracle:java_se_jre:7_update_4
Exploiting
Class: Buffer overflow
Local: No
Remote: Yes
Availability: Yes
Access: Private
Countermeasures
Recommended: Patch
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Patch: oracle.com
Timeline
03/16/2012 | CVE assigned
06/12/2012 | Advisory disclosed
06/12/2012 | Countermeasure disclosed
06/12/2012 | OSVDB entry created
06/14/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: oracle.com
Coordinated: Yes
OSVDB: 82874
CVE: CVE-2012-1713 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49472