Vulnerability Name: | CVE-2012-4305 (CCN-81780) | ||||||||||||
Assigned: | 2012-08-14 | ||||||||||||
Published: | 2013-02-01 | ||||||||||||
Updated: | 2017-09-19 | ||||||||||||
Summary: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. Note: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue allows remote attackers to execute arbitrary code via vectors related to an "invalid type cast" and exposed native methods in the T2KGlyph class. Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" | ||||||||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||||||
Vulnerability Type: | CWE-noinfo | ||||||||||||
Vulnerability Consequences: | Unknown | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2012-4305 Source: HP Type: UNKNOWN HPSBMU02874 Source: CCN Type: SA52064 Oracle Java Multiple Vulnerabilities Source: CCN Type: IBM Security Bulletin 1628927 Rational Host On-Demand clients affected by vulnerabilities in IBM JRE Source: CCN Type: IBM Security Bulletin 1635864 IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE 6.0 Source: CCN Type: IBM Security Bulletin 1650822 Java Security Vulnerabilitys addressed in IBM Tivoli Netcool OMNIbus Source: CERT-VN Type: US Government Resource VU#858729 Source: CCN Type: Oracle Critical Patch Update Oracle Java SE Critical Patch Update Advisory - February 2013 Source: CONFIRM Type: Vendor Advisory http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html Source: CCN Type: BID-57695 Oracle Java SE CVE-2012-4305 JavaFX Remote Security Vulnerability Source: CERT Type: US Government Resource TA13-032A Source: IDEFENSE Type: UNKNOWN 20130201 Oracle Java SE JavaFx T2KGlyph Invalid Type Cast Vulnerability Source: XF Type: UNKNOWN oracle-javacpufeb2013-cve20124305(81780) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:16392 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
Oval Definitions | |||||||||||||
| |||||||||||||
BACK |