oss-sec mailing list archives

Re: CVE Request: Java 7 code execution 0day


From: Eygene Ryabinkin <rea-sec () codelabs ru>
Date: Wed, 29 Aug 2012 18:24:19 +0400

Mon, Aug 27, 2012 at 07:52:57PM -0600, Kurt Seifried wrote:
> ======================================================
> Name: CVE-2012-4681
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4681 [Open
> [...]
> Oracle Java 7 Update 6, and possibly other versions, allows remote
> attackers to execute arbitrary code via a crafted applet, as exploited
> in the wild in August 2012 using Gondzz.class and Gondvv.class.

According to the
  http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-August/020065.html
OpenJDK <= 7u4-b31 is also affected.
-- 
Eygene

