CVE-2012-1723

Published: 16/06/2012 Updated: 13/05/2022
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and previous versions, 6 update 32 and previous versions, 5 update 35 and previous versions, and 1.4.2_37 and previous versions allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

Vulnerable Product

oracle jre

oracle jdk

sun jdk

sun jre

Vendor Advisories

Debian Bug report logs - #677486: Multiple security issues. Package: openjdk-7; Maintainer for openjdk-7 is OpenJDK Team <openjdk@lists.launchpad.net>; Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>; Date: Thu, 14 Jun 2012 09:25:40 UTC; Severity: grave; Tags: security; Fixed in version openjdk-7/7~u3-211-1 ...
Several security issues were fixed in OpenJDK 6 ...
USN 1505-1 introduced a regression in the IcedTea-Web Java web browser plugin that prevented it from working with the Chromium web browser ...
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform. CVE-2012-1711, CVE-2012-1719: Multiple errors in the CORBA implementation could lead to breakouts of the Java sandbox. CVE-2012-1713: Missing input sanitising in the font manager could lead to the execution of arbitrary code. CVE-20 ...
Synopsis: Critical: java-1.7.0-oracle security update. Type/Severity: Security Advisory: Critical. Topic: Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical se ...
Synopsis: Critical: java-1.6.0-openjdk security update. Type/Severity: Security Advisory: Critical. Topic: Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impac ...
Synopsis: Critical: java-1.6.0-sun security update. Type/Severity: Security Advisory: Critical. Topic: Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical se ...
Synopsis: Important: java-1.6.0-openjdk security update. Type/Severity: Security Advisory: Important. Topic: Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security im ...
Synopsis: Important: java-1.7.0-openjdk security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated java-1.7.0-openjdk packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as hav ...
Multiple flaws were discovered in the CORBA (Common Object Request Broker Architecture) implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data (CVE-2012-1711, CVE-2012-1719). It was discovered that the SynthLookAndFeel class from Swing did not properly ...

Exploits

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking ...

This Metasploit module exploits a vulnerability in the HotSpot bytecode verifier, where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checks. This allows a way to escape the JRE sandbox and load additional classes in order to perform malicious operations ...

Github Repositories

Proof of concept exploit for CVE-2012-1723

Web browser drive-by that exploits CVE-2012-1723 for remote code execution. A walk-through and technical details can be found at ethaniel.me/2017/02/09/practice-the-past-cve-2012-1723/

Recent Articles

Investigation Report for the September 2014 Equation malware detection incident in the US
Securelist • Kaspersky Lab • 16 Nov 2017

In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were tr...

IT threat evolution Q3 2014
Securelist • David Emm, Maria Garnaeva, Victor Chebyshev, Roman Unuchek, Denis Makrushin, Anton Ivanov • 18 Nov 2014

In July we published our in-depth analysis into a targeted attack campaign that we dubbed ‘Crouching Yeti’. This campaign is also known as ‘Energetic Bear’. This campaign, which has been active since late 2010, has so far targeted the following sectors: industrial/machinery, manufacturing, pharmaceutical, construction, education and information technology. So far there have been more than 2,800 victims worldwide, and we have been able to identify 101 different organisatio...

The Epic Turla Operation
Securelist • GReAT • 07 Aug 2014

Over the last 10 months, Kaspersky Lab researchers have analyzed a massive cyber-espionage operation which we call “Epic Turla”. The attackers behind Epic Turla have infected several hundred computers in more than 45 countries, including government institutions, embassies, military, education, research and pharmaceutical companies. The attacks are known to have used at least two zero-day exploits: We also observed exploits against older (patched) vulnerabilities,...

Java under attack – the evolution of exploits in 2012-2013
Securelist • Kaspersky Lab • 30 Oct 2013

One of the biggest problems facing the IT security industry is the use of vulnerabilities in legitimate software to launch malware attacks. Malicious programs can use these vulnerabilities to infect a computer without attracting the attention of the user – and, in some cases, without triggering an alert from security software. That’s why cyber criminals prefer these attacks, known as exploits, over other infection methods. Unlike social engineering, which can be hit or miss, the use of vulne...

The Icefog APT: Frequently Asked Questions
Securelist • GReAT • 26 Sep 2013

Here are answers to the most frequently asked questions related to Icefog, an APT operation targeting entities in Japan and South Korea. Icefog refers to a cyber-espionage campaign that has been active at least since 2011. It targets governmental institutions, military contractors, maritime and ship-building groups, telecom operators, satellite operators, industrial and high technology companies and mass media, mainly in South Korea and Japan. It is likely that the crew targets organizations in ...

IT Threat Evolution: Q3 2012
Securelist • Yury Namestnikov • 01 Nov 2012

During Q3 2012, over 9,000 new malicious .dex files were added to our malware collection. This is 5,000 files fewer than last quarter but 3,500 more than in Q1 2012. This is due to the fact that in Q2 files that had been detected heuristically for some time were added to our malware collection. (Note that one heuristic is used to detect a large number of different programs.) In Q3, the situation was standard and the number of new files added to our collection was in line with the trend we have s...