Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and previous versions, and 6 Update 34 and previous versions, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "toolkit internals references."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle jdk 1.7.0 |
||
oracle jre 1.7.0 |
||
oracle jre |
||
sun jdk 1.6.0 |
||
sun jre 1.6.0 |
||
oracle jre 1.6.0 |
||
oracle jdk 1.6.0 |
||
oracle jdk |
Chocolate coffee-pot
Apple released a Java update on Wednesday but it does not tackle a high-profile flaw that has become the target of attacks over recent weeks. Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10 offer patched versions of Java for OS X Lion and Mountain Lion systems that tackle CVE-2012-0547. But this is a different beastie from the CVE-2012-4681 megabug currently stalking Java users, KrebsOnSecurity reports. Security vulnerabilities in Java are an all-too-real danger for Mac fans, as illu...