Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1541

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2012-1541
Last Modified 19 Dec 2013 11:25:18
Published 01 Feb 2013 07:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1541

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free.

Vulnerable Systems

Application

  • Oracle Jdk 1.6.0

  • Oracle Jdk 1.7.0

  • Oracle Jre 1.6.0

  • Oracle Jre 1.7.0

  • Sun Jdk 1.6.0

  • Sun Jre 1.6.0


References

CONFIRM - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

REDHAT - RHSA-2013:0237

REDHAT - RHSA-2013:0236

CERT - TA13-032A

CERT-VN - VU#858729

HP - HPSBMU02874

HP - SSRT101184

HP - SSRT101156

HP - HPSBUX02864

HP - HPSBUX02857

HP - SSRT101103

IDEFENSE - 20130201 Multiple Vendor WebKit JRE Plugin Module Use-after-Free Vulnerability

REDHAT - RHSA-2013:1456

REDHAT - RHSA-2013:1455

Related Patches

Oracle Java JRE 1.6.0_39 for Windows (Update) (All Languages) (See Notes)

Oracle Java JRE 1.7.0_13 for Windows (Update) (All Languages) (See Notes) (Rev 2)

Oracle Java JRE 1.7.0_13 for Mac OS X (Update)

Oracle Java JRE 1.6.0_39 for Windows (Update) (64Bit) (All Languages) (See Notes)

Oracle Java JRE 1.7.0_13 for Windows (Update) (64Bit) (All Languages) (See Notes) (Rev 2)

Novell SUSE 2013:7454 java-1_7_0-ibm security update for SLES 11 SP2 i586

Novell SUSE 2013:7454 java-1_7_0-ibm security update for SLES 11 SP2 x86_64

Novell SUSE 2013:7481 java-1_6_0-ibm security update for SLES 11 SP2 i586

Novell SUSE 2013:7481 java-1_6_0-ibm security update for SLES 11 SP2 x86_64

Novell SUSE 2013:8495 java-1_6_0-ibm security update for SLES 10 SP4 i586

Novell SUSE 2013:8495 java-1_6_0-ibm security update for SLES 10 SP4 x86_64


Last Updated: 27 May 2016 11:01:56