Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4305

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-4305
Last Modified 19 Dec 2013 11:28:48
Published 01 Feb 2013 07:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4305

Summary

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue allows remote attackers to execute arbitrary code via vectors related to an "invalid type cast" and exposed native methods in the T2KGlyph class.

Vulnerable Systems

Application

  • Oracle Javafx 2.0

  • Oracle Javafx 2.0.2

  • Oracle Javafx 2.0.3

  • Oracle Javafx 2.1

  • Oracle Javafx 2.2

  • Oracle Javafx 2.2.3

  • Oracle Javafx 2.2.4


References

CONFIRM - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

CERT - TA13-032A

CERT-VN - VU#858729

HP - SSRT101184

HP - HPSBMU02874

IDEFENSE - 20130201 Oracle Java SE JavaFx T2KGlyph Invalid Type Cast Vulnerability


Last Updated: 27 May 2016 11:03:59