oss-sec mailing list archives
Re: CVE Request: Java 7 code execution 0day
From: Eygene Ryabinkin <rea-sec () codelabs ru>
Date: Wed, 29 Aug 2012 18:24:19 +0400
Mon, Aug 27, 2012 at 07:52:57PM -0600, Kurt Seifried wrote:
====================================================== Name: CVE-2012-4681 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4681 [Open
[...]
Oracle Java 7 Update 6, and possibly other versions, allows remote attackers to execute arbitrary code via a crafted applet, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.
According to the http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-August/020065.html OpenJDK <= 7u4-b31 is also affected. -- Eygene
Current thread:
- CVE Request: Java 7 code execution 0day David Jorm (Aug 27)
- Re: CVE Request: Java 7 code execution 0day Kurt Seifried (Aug 27)
- Re: CVE Request: Java 7 code execution 0day Kurt Seifried (Aug 27)
- Re: CVE Request: Java 7 code execution 0day Eygene Ryabinkin (Aug 29)
- Re: CVE Request: Java 7 code execution 0day Kurt Seifried (Aug 27)
- Re: CVE Request: Java 7 code execution 0day Kurt Seifried (Aug 27)