What is the severity of CVE-2012-4681?

CVE-2012-4681 has a critical severity rating due to its potential to allow remote execution of arbitrary code.

How do I fix CVE-2012-4681?

To fix CVE-2012-4681, update your Java Runtime Environment to the latest version provided by Oracle.

Which Oracle products are affected by CVE-2012-4681?

CVE-2012-4681 affects Oracle Java SE 7 Update 6 and earlier, as well as various versions of Oracle JDK 6 and JRE 6 and 7.

Can CVE-2012-4681 be exploited remotely?

Yes, CVE-2012-4681 allows remote attackers to exploit the vulnerability through a malicious crafted applet.

What type of vulnerability is CVE-2012-4681?

CVE-2012-4681 is classified as a remote code execution vulnerability in the Java Runtime Environment.

Vulnerability/
CVE-2012-4681

Exploited

critical

CWE

284

28/8/2012

10/2/2025

CVE-2012-4681: Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

First published: Tue Aug 28 2012(Updated: )

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Oracle Java
Oracle JDK 6	=1.6.0
Oracle JDK 6	=1.6.0-update1
Oracle JDK 6	=1.6.0-update10
Oracle JDK 6	=1.6.0-update11
Oracle JDK 6	=1.6.0-update12
Oracle JDK 6	=1.6.0-update13
Oracle JDK 6	=1.6.0-update14
Oracle JDK 6	=1.6.0-update15
Oracle JDK 6	=1.6.0-update16
Oracle JDK 6	=1.6.0-update17
Oracle JDK 6	=1.6.0-update18
Oracle JDK 6	=1.6.0-update19
Oracle JDK 6	=1.6.0-update2
Oracle JDK 6	=1.6.0-update20
Oracle JDK 6	=1.6.0-update21
Oracle JDK 6	=1.6.0-update22
Oracle JDK 6	=1.6.0-update23
Oracle JDK 6	=1.6.0-update24
Oracle JDK 6	=1.6.0-update25
Oracle JDK 6	=1.6.0-update26
Oracle JDK 6	=1.6.0-update27
Oracle JDK 6	=1.6.0-update29
Oracle JDK 6	=1.6.0-update3
Oracle JDK 6	=1.6.0-update30
Oracle JDK 6	=1.6.0-update31
Oracle JDK 6	=1.6.0-update32
Oracle JDK 6	=1.6.0-update33
Oracle JDK 6	=1.6.0-update34
Oracle JDK 6	=1.6.0-update4
Oracle JDK 6	=1.6.0-update5
Oracle JDK 6	=1.6.0-update6
Oracle JDK 6	=1.6.0-update7
Oracle JDK 6	=1.6.0-update8
Oracle JDK 6	=1.6.0-update9
Oracle JDK 6	=1.7.0
Oracle JDK 6	=1.7.0-update1
Oracle JDK 6	=1.7.0-update2
Oracle JDK 6	=1.7.0-update3
Oracle JDK 6	=1.7.0-update4
Oracle JDK 6	=1.7.0-update5
Oracle JDK 6	=1.7.0-update6
Oracle Java Runtime Environment (JRE)	=1.6.0
Oracle Java Runtime Environment (JRE)	=1.6.0-update1
Oracle Java Runtime Environment (JRE)	=1.6.0-update10
Oracle Java Runtime Environment (JRE)	=1.6.0-update11
Oracle Java Runtime Environment (JRE)	=1.6.0-update12
Oracle Java Runtime Environment (JRE)	=1.6.0-update13
Oracle Java Runtime Environment (JRE)	=1.6.0-update14
Oracle Java Runtime Environment (JRE)	=1.6.0-update15
Oracle Java Runtime Environment (JRE)	=1.6.0-update16
Oracle Java Runtime Environment (JRE)	=1.6.0-update17
Oracle Java Runtime Environment (JRE)	=1.6.0-update18
Oracle Java Runtime Environment (JRE)	=1.6.0-update19
Oracle Java Runtime Environment (JRE)	=1.6.0-update2
Oracle Java Runtime Environment (JRE)	=1.6.0-update20
Oracle Java Runtime Environment (JRE)	=1.6.0-update21
Oracle Java Runtime Environment (JRE)	=1.6.0-update22
Oracle Java Runtime Environment (JRE)	=1.6.0-update23
Oracle Java Runtime Environment (JRE)	=1.6.0-update24
Oracle Java Runtime Environment (JRE)	=1.6.0-update25
Oracle Java Runtime Environment (JRE)	=1.6.0-update26
Oracle Java Runtime Environment (JRE)	=1.6.0-update27
Oracle Java Runtime Environment (JRE)	=1.6.0-update29
Oracle Java Runtime Environment (JRE)	=1.6.0-update3
Oracle Java Runtime Environment (JRE)	=1.6.0-update30
Oracle Java Runtime Environment (JRE)	=1.6.0-update31
Oracle Java Runtime Environment (JRE)	=1.6.0-update32
Oracle Java Runtime Environment (JRE)	=1.6.0-update33
Oracle Java Runtime Environment (JRE)	=1.6.0-update34
Oracle Java Runtime Environment (JRE)	=1.6.0-update4
Oracle Java Runtime Environment (JRE)	=1.6.0-update5
Oracle Java Runtime Environment (JRE)	=1.6.0-update6
Oracle Java Runtime Environment (JRE)	=1.6.0-update7
Oracle Java Runtime Environment (JRE)	=1.6.0-update9
Oracle Java Runtime Environment (JRE)	=1.7.0
Oracle Java Runtime Environment (JRE)	=1.7.0-update1
Oracle Java Runtime Environment (JRE)	=1.7.0-update2
Oracle Java Runtime Environment (JRE)	=1.7.0-update3
Oracle Java Runtime Environment (JRE)	=1.7.0-update4
Oracle Java Runtime Environment (JRE)	=1.7.0-update5
Oracle Java Runtime Environment (JRE)	=1.7.0-update6
redhat enterprise Linux desktop	=6.0
redhat enterprise Linux eus	=6.3
redhat enterprise Linux server	=6.0
redhat enterprise Linux workstation	=6.0
	=1.6.0
	=1.6.0-update1
	=1.6.0-update10
	=1.6.0-update11
	=1.6.0-update12
	=1.6.0-update13
	=1.6.0-update14
	=1.6.0-update15
	=1.6.0-update16
	=1.6.0-update17
	=1.6.0-update18
	=1.6.0-update19
	=1.6.0-update2
	=1.6.0-update20
	=1.6.0-update21
	=1.6.0-update22
	=1.6.0-update23
	=1.6.0-update24
	=1.6.0-update25
	=1.6.0-update26
	=1.6.0-update27
	=1.6.0-update29
	=1.6.0-update3
	=1.6.0-update30
	=1.6.0-update31
	=1.6.0-update32
	=1.6.0-update33
	=1.6.0-update34
	=1.6.0-update4
	=1.6.0-update5
	=1.6.0-update6
	=1.6.0-update7
	=1.6.0-update8
	=1.6.0-update9
	=1.7.0
	=1.7.0-update1
	=1.7.0-update2
	=1.7.0-update3
	=1.7.0-update4
	=1.7.0-update5
	=1.7.0-update6
	=1.6.0
	=1.6.0-update1
	=1.6.0-update10
	=1.6.0-update11
	=1.6.0-update12
	=1.6.0-update13
	=1.6.0-update14
	=1.6.0-update15
	=1.6.0-update16
	=1.6.0-update17
	=1.6.0-update18
	=1.6.0-update19
	=1.6.0-update2
	=1.6.0-update20
	=1.6.0-update21
	=1.6.0-update22
	=1.6.0-update23
	=1.6.0-update24
	=1.6.0-update25
	=1.6.0-update26
	=1.6.0-update27
	=1.6.0-update29
	=1.6.0-update3
	=1.6.0-update30
	=1.6.0-update31
	=1.6.0-update32
	=1.6.0-update33
	=1.6.0-update34
	=1.6.0-update4
	=1.6.0-update5
	=1.6.0-update6
	=1.6.0-update7
	=1.6.0-update9
	=1.7.0
	=1.7.0-update1
	=1.7.0-update2
	=1.7.0-update3
	=1.7.0-update4
	=1.7.0-update5
	=1.7.0-update6
	=6.0
	=6.3
	=6.0
	=6.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-4681?
CVE-2012-4681 has a critical severity rating due to its potential to allow remote execution of arbitrary code.
How do I fix CVE-2012-4681?
To fix CVE-2012-4681, update your Java Runtime Environment to the latest version provided by Oracle.
Which Oracle products are affected by CVE-2012-4681?
CVE-2012-4681 affects Oracle Java SE 7 Update 6 and earlier, as well as various versions of Oracle JDK 6 and JRE 6 and 7.
Can CVE-2012-4681 be exploited remotely?
Yes, CVE-2012-4681 allows remote attackers to exploit the vulnerability through a malicious crafted applet.
What type of vulnerability is CVE-2012-4681?
CVE-2012-4681 is classified as a remote code execution vulnerability in the Java Runtime Environment.

agent/type
agent/description
agent/title
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/references
agent/author
agent/source
exploited/true
collector/cisa-known-exploited
source/CISA
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-cve
source/NVD
collector/nvd-index
agent/tags
collector/nvd-api
agent/severity
agent/weakness
agent/last-modified-date
agent/softwarecombine
agent/event
vendor/oracle
canonical/oracle java
canonical/oracle jdk 6
version/oracle jdk 6/1.6.0
version/oracle jdk 6/1.6.0-update1
version/oracle jdk 6/1.6.0-update10
version/oracle jdk 6/1.6.0-update11
version/oracle jdk 6/1.6.0-update12
version/oracle jdk 6/1.6.0-update13
version/oracle jdk 6/1.6.0-update14
version/oracle jdk 6/1.6.0-update15
version/oracle jdk 6/1.6.0-update16
version/oracle jdk 6/1.6.0-update17
version/oracle jdk 6/1.6.0-update18
version/oracle jdk 6/1.6.0-update19
version/oracle jdk 6/1.6.0-update2
version/oracle jdk 6/1.6.0-update20
version/oracle jdk 6/1.6.0-update21
version/oracle jdk 6/1.6.0-update22
version/oracle jdk 6/1.6.0-update23
version/oracle jdk 6/1.6.0-update24
version/oracle jdk 6/1.6.0-update25
version/oracle jdk 6/1.6.0-update26
version/oracle jdk 6/1.6.0-update27
version/oracle jdk 6/1.6.0-update29
version/oracle jdk 6/1.6.0-update3
version/oracle jdk 6/1.6.0-update30
version/oracle jdk 6/1.6.0-update31
version/oracle jdk 6/1.6.0-update32
version/oracle jdk 6/1.6.0-update33
version/oracle jdk 6/1.6.0-update34
version/oracle jdk 6/1.6.0-update4
version/oracle jdk 6/1.6.0-update5
version/oracle jdk 6/1.6.0-update6
version/oracle jdk 6/1.6.0-update7
version/oracle jdk 6/1.6.0-update8
version/oracle jdk 6/1.6.0-update9
version/oracle jdk 6/1.7.0
version/oracle jdk 6/1.7.0-update1
version/oracle jdk 6/1.7.0-update2
version/oracle jdk 6/1.7.0-update3
version/oracle jdk 6/1.7.0-update4
version/oracle jdk 6/1.7.0-update5
version/oracle jdk 6/1.7.0-update6
canonical/oracle java runtime environment (jre)
version/oracle java runtime environment (jre)/1.6.0
version/oracle java runtime environment (jre)/1.6.0-update1
version/oracle java runtime environment (jre)/1.6.0-update10
version/oracle java runtime environment (jre)/1.6.0-update11
version/oracle java runtime environment (jre)/1.6.0-update12
version/oracle java runtime environment (jre)/1.6.0-update13
version/oracle java runtime environment (jre)/1.6.0-update14
version/oracle java runtime environment (jre)/1.6.0-update15
version/oracle java runtime environment (jre)/1.6.0-update16
version/oracle java runtime environment (jre)/1.6.0-update17
version/oracle java runtime environment (jre)/1.6.0-update18
version/oracle java runtime environment (jre)/1.6.0-update19
version/oracle java runtime environment (jre)/1.6.0-update2
version/oracle java runtime environment (jre)/1.6.0-update20
version/oracle java runtime environment (jre)/1.6.0-update21
version/oracle java runtime environment (jre)/1.6.0-update22
version/oracle java runtime environment (jre)/1.6.0-update23
version/oracle java runtime environment (jre)/1.6.0-update24
version/oracle java runtime environment (jre)/1.6.0-update25
version/oracle java runtime environment (jre)/1.6.0-update26
version/oracle java runtime environment (jre)/1.6.0-update27
version/oracle java runtime environment (jre)/1.6.0-update29
version/oracle java runtime environment (jre)/1.6.0-update3
version/oracle java runtime environment (jre)/1.6.0-update30
version/oracle java runtime environment (jre)/1.6.0-update31
version/oracle java runtime environment (jre)/1.6.0-update32
version/oracle java runtime environment (jre)/1.6.0-update33
version/oracle java runtime environment (jre)/1.6.0-update34
version/oracle java runtime environment (jre)/1.6.0-update4
version/oracle java runtime environment (jre)/1.6.0-update5
version/oracle java runtime environment (jre)/1.6.0-update6
version/oracle java runtime environment (jre)/1.6.0-update7
version/oracle java runtime environment (jre)/1.6.0-update9
version/oracle java runtime environment (jre)/1.7.0
version/oracle java runtime environment (jre)/1.7.0-update1
version/oracle java runtime environment (jre)/1.7.0-update2
version/oracle java runtime environment (jre)/1.7.0-update3
version/oracle java runtime environment (jre)/1.7.0-update4
version/oracle java runtime environment (jre)/1.7.0-update5
version/oracle java runtime environment (jre)/1.7.0-update6
vendor/redhat
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/6.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/6.3
canonical/redhat enterprise linux server
version/redhat enterprise linux server/6.0
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/6.0