
Madison Information Security Group Message Board › CVE-2012-4681 - Java, SecurityManager bypass

CVE-2012-4681 - Java, SecurityManager bypass

Marcin A.
MarcinAntkiewicz
Group Organizer
Chicago, IL
Post #: 5
http://www.kb.cert.org/vuls/id/636312
Oracle is unlikely to rush a CPU

From CERT:

Impact
By convincing a user to visit a specially crafted HTML document, a remote attacker may
be able to execute arbitrary code on a vulnerable system.
Solution
We are currently unaware of a practical solution to this problem. Please consider the following workarounds:
Disable the Java plug-in


The issue is exploited in the wild, and there is a Metasploit module.

Oracle released a patch ahead of their scheduled CPU release. However, as it turns out, the patch introduces
another vulnerability.