oss-sec mailing list archives

Re: CVE Request: Java 7 code execution 0day


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 27 Aug 2012 19:52:57 -0600

Argh I didn't check my CVE email so I failed to see Mitre assigned a
CVE for this a few hours ago.

======================================================
Name: CVE-2012-4681
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4681
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20120827
Category:
Reference: MISC:http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
Reference: MISC:http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/
Reference: MISC:https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day

Oracle Java 7 Update 6, and possibly other versions, allows remote
attackers to execute arbitrary code via a crafted applet, as exploited
in the wild in August 2012 using Gondzz.class and Gondvv.class.


Please use CVE-2012-3539 for this issue in Java from Oracle.
Please note that additional CVEs may be issued if it is discovered
that this issue affects other versions of Java/etc.

Please REJECT CVE-2012-3539.

The correct CVE for this Java issue is CVE-2012-4681 as assigned by Mitre.


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

