'Re: [oss-security] CVE Request: Java 7 code execution 0day'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request: Java 7 code execution 0day
From:       Eygene Ryabinkin <rea-sec () codelabs ! ru>
Date:       2012-08-29 14:24:19
Message-ID: 0fKn/hC1ni5ONtGtiW9paWRwDJk () OEL+AGsq2qOfta3tVB3M+FMK4kc
[Download RAW message or body]

Mon, Aug 27, 2012 at 07:52:57PM -0600, Kurt Seifried wrote:
> ======================================================
> Name: CVE-2012-4681
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4681 [Open
[...]
> Oracle Java 7 Update 6, and possibly other versions, allows remote
> attackers to execute arbitrary code via a crafted applet, as exploited
> in the wild in August 2012 using Gondzz.class and Gondvv.class.

According to the
  http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-August/020065.html
OpenJDK <= 7u4-b31 is also affected.
-- 
Eygene
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic