| Vulnerability Name: | CVE-2012-1543 (CCN-81785) | ||||||||||||
| Assigned: | 2012-03-08 | ||||||||||||
| Published: | 2013-02-01 | ||||||||||||
| Updated: | 2017-09-19 | ||||||||||||
| Summary: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. Note: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an invalid type cast in the JSObject class. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" | ||||||||||||
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||
| CVSS v2 Severity: | 7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C) 5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||||||
| Vulnerability Consequences: | Unknown | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2012-1543 Source: HP Type: UNKNOWN HPSBMU02874 Source: CCN Type: SA52064 Oracle Java Multiple Vulnerabilities Source: CCN Type: SA52065 Oracle JavaFX Multiple Vulnerabilities Source: CCN Type: IBM Security Bulletin 1628927 Rational Host On-Demand clients affected by vulnerabilities in IBM JRE Source: CCN Type: IBM Security Bulletin 1635864 IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE 6.0 Source: CCN Type: IBM Security Bulletin 1650822 Java Security Vulnerabilitys addressed in IBM Tivoli Netcool OMNIbus Source: CERT-VN Type: US Government Resource VU#858729 Source: CCN Type: Oracle Critical Patch Update Oracle Java SE Critical Patch Update Advisory - February 2013 Source: CONFIRM Type: Vendor Advisory http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html Source: CCN Type: BID-57705 Oracle Java SE CVE-2012-1543 Remote Code Execution Vulnerabilities Source: CERT Type: US Government Resource TA13-032A Source: IDEFENSE Type: UNKNOWN 20130201 Oracle Java SE JavaFx JSObject Invalid Type Cast Vulnerability Source: XF Type: UNKNOWN oracle-javacpufeb2013-cve20121543(81785) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:16673 Source: CCN Type: ZDI-13-012 Oracle Java JavaFX WCGraphicsManager Remote Code Execution Vulnerability Source: CCN Type: ZDI-13-013 Oracle Java JavaFX WCMediaPlayer Remote Code Execution Vulnerability | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||