⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions. Due date: 2022-03-24.

CVE-2012-4681: Improper Access Control in Oracle JDK

Severity: 9.8 CRITICAL (NVD)
EPSS: 94.1% (top 0.09%)
CISA KEV: KEV, Ransomware; added 2022-03-03, due 2022-03-24
Exploit: Exploited in wild; active exploitation observed
Timeline: Published Aug 28; KEV added Mar 3; KEV due Mar 24; Latest update Feb 2
CISA Required Action: Apply updates per vendor instructions.

Description

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (6 packages)

NVD: oracle/jdk 1.6.0, 1.7.0 +1
NVD: oracle/jre 1.6.0, 1.7.0 +1

Also affects: Ubuntu Linux 12.10, Enterprise Linux 6.3

🔴 Vulnerability Details (3)

GHSA: GHSA-fw99-8m5g-58p8: Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code … (2022-05-14)
GHSA: GHSA-r293-6mhc-29xx: Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiat… (2022-05-05)
VulnCheck: Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability (2012)

💥 Exploits & PoCs (2)

Exploit-DB: Java 7 Applet - Remote Code Execution (Metasploit) (2012-08-27)
Metasploit: Java 7 Applet Remote Code Execution

📋 Vendor Advisories (3)

CISA: Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability (2022-03-03)
Red Hat: OpenJDK: MethodHandles.Lookup incorrect permission checks, Java 7 0day (Libraries, 8006017) (2013-01-10)
Red Hat: OpenJDK: beans insufficient permission checks, Java 7 0day (beans, 7162473) (2012-08-27)

🕵️ Threat Intelligence (15)

Greynoiseio: The Noise in the Silence: Unmasking CISA's Hidden KEV Ransomware Updates (2026-02-02)
Securelist: Investigation Report for the September 2014 Equation malware detection incident in the US (2017-11-16)
Tenable: Monitoring the Life of a Java Zero-Day Exploit with Tenable USM (2012-10-25)

📄 Research Papers (3)

arXiv: MalCVE: Malware Detection and CVE Association Using Large Language Models (2026-02-02)
CTF: Secured Java / README (2022)
arXiv: ProPatrol: Attack Investigation via Extracted High-Level Tasks (2018-10-12)

💬 Community (7)

Bugzilla: CVE-2013-0422 OpenJDK: MethodHandles.Lookup incorrect permission checks, Java 7 0day (Libraries, 8006017) (2013-01-10)
Bugzilla: CVE-2012-4681 OpenJDK: Java 7 0day vulnerability [fedora-17] (2012-08-30)
Bugzilla: CVE-2012-4681 OpenJDK: Java 7 0day vulnerability [fedora-16] (2012-08-30)
Bugzilla: CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201) (2012-08-30)
Bugzilla: CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476) (2012-08-30)
CVE-2012-4681 — Improper Access Control in Oracle JDK | cvebase