Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2012-4822 to a friend New vulnerability? New tool? Tell us	CVE-2012-4822 IBM Java Runtime Environment Multiple Remote Code Execution Vulnerabilities     Credit: The original article can be found at: http://technet.microsoft.com/security/advisory/2794220 The original article can be found at: http://www-01.ibm.com/support/docview.wss?uid=swg21616617 Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2012-4822 Details Check for CVE-2012-4822 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * IBM Java SDK 6 SR10 and prior To exploit these issues, an attacker must entice an unsuspecting user into visiting a specially crafted webpage that contains a malicious Applet, or into opening a specially crafted file. An attacker can exploit these issues to execute arbitrary code and bypass sandbox security feature of Java in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. CVE-2012-4820: IBM Java could allow a remote attacker to execute arbitrary code on the system, caused by insecure use of the java.lang.reflect.Method invoke() method. By persuading a victim to visit a malicious Web site containing a specially-crafted applet, an attacker could exploit this vulnerability to bypass sandbox restrictions and execute arbitrary Java code. CVE-2012-4821:IBM Java could allow a remote attacker to execute arbitrary code on the system, caused by insecure use of the java.lang.Class getDeclaredMethods() and java.lang.reflect.AccessibleObject setAccessible() methods. By persuading a victim to visit a malicious Web site containing a specially-crafted applet, an attacker could exploit this vulnerability to bypass sandbox restrictions and execute arbitrary Java code. CVE-2012-4822:IBM Java could allow a remote attacker to execute arbitrary code on the system, caused by insecure use multiple methods in the java.lang.class class. By persuading a victim to visit a malicious Web site containing a specially-crafted applet, an attacker could exploit this vulnerability to bypass sandbox restrictions and execute arbitrary Java code. CVE-2012-4823:IBM Java could allow a remote attacker to execute arbitrary code on the system, caused by insecure use of the java.lang.ClassLoder defineClass() method. By persuading a victim to visit a malicious Web site containing a specially-crafted applet, an attacker could exploit this vulnerability to bypass sandbox restrictions and execute arbitrary Java code. CVE Information: CVE-2012-4820 CVE-2012-4821 CVE-2012-4822 CVE-2012-4823 Disclosure Timeline: Published: December 30 2012  Comments on CVE-2012-4822:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®