Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4301

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2012-4301
Last Modified 19 Dec 2013 11:28:47
Published 01 Feb 2013 07:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4301

Summary

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that this issue allows remote attackers to execute arbitrary code via an "invalid type case" in the init method of the D3DShader class in the com.sun.prism.d3d package. CPU.

Vulnerable Systems

Application

  • Oracle Javafx 2.0

  • Oracle Javafx 2.0.2

  • Oracle Javafx 2.0.3

  • Oracle Javafx 2.1

  • Oracle Javafx 2.2

  • Oracle Javafx 2.2.3

  • Oracle Javafx 2.2.4


References

CONFIRM - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

CERT - TA13-032A

CERT-VN - VU#858729

HP - SSRT101184

HP - HPSBMU02874

IDEFENSE - 20130201 Oracle Java SE JavaFx D3DShader Invalid Type Cast Vulnerability


Last Updated: 27 May 2016 11:01:45