CVE-2012-1713
Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Vulnerabilidad no especificada en el Java Runtime Environment (JRE), componente de Oracle Java SE 7 Update 4 y anteriores, 6 Update 32 y anteriores, 5 actualización 35 y anteriores, v1.4.2_37 y anteriores, y JavaFX 2.1 y versiones anteriores permite a atacantes remotos afectar a la confidencialidad , la integridad y la disponibilidad a través de vectores desconocidos relacionados con el 2D.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the BasicService.showDocument Java Webstart function. This function allows additional parameters to be passed to the browser. Depending on which browser the user has set as default browser this could lead to remote code execution under the context of the current user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-03-16 CVE Reserved
- 2012-06-13 CVE Published
- 2023-11-12 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (22)
URL | Tag | Source |
---|---|---|
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html | Mailing List | |
http://secunia.com/advisories/50659 | Third Party Advisory | |
http://secunia.com/advisories/51080 | Third Party Advisory | |
http://www.ibm.com/support/docview.wss?uid=swg21615246 | X_refsource_confirm | |
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/53946 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16502 | Signature |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | <= 1.7.0 Search vendor "Oracle" for product "Jdk" and version " <= 1.7.0" | update4 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | <= 1.7.0 Search vendor "Oracle" for product "Jre" and version " <= 1.7.0" | update4 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | <= 1.6.0 Search vendor "Oracle" for product "Jdk" and version " <= 1.6.0" | update32 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | <= 1.6.0 Search vendor "Oracle" for product "Jre" and version " <= 1.6.0" | update32 |
Affected
| ||||||
Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | <= 1.5.0 Search vendor "Sun" for product "Jdk" and version " <= 1.5.0" | update35 |
Affected
| ||||||
Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | <= 1.5.0 Search vendor "Sun" for product "Jre" and version " <= 1.5.0" | update35 |
Affected
| ||||||
Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | <= 1.4.2_37 Search vendor "Sun" for product "Jdk" and version " <= 1.4.2_37" | - |
Affected
| ||||||
Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | <= 1.4.2_37 Search vendor "Sun" for product "Jre" and version " <= 1.4.2_37" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Javafx Search vendor "Oracle" for product "Javafx" | <= 2.1 Search vendor "Oracle" for product "Javafx" and version " <= 2.1" | - |
Affected
|