CVE-2012-3174
Publication date 14 January 2013
Last updated 24 July 2024
Ubuntu priority
Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114.
Status
Package | Ubuntu Release | Status |
---|---|---|
icedtea-web | ||
openjdk-6 | ||
openjdk-7 | ||
sun-java5 | ||
sun-java6 | ||
Notes
jdstrand
Like with CVE-2013-0422, exploit code does not work with OpenJDK at this time. Users are advised to disable and/or uninstall the IcedTea plugin (regardless of version) as a precaution unless its use is strictly required. Fixed in IcedTea 2.2.3 and 2.3.4.
References
Related Ubuntu Security Notices (USN)
- USN-1693-1: OpenJDK 7 vulnerabilities (16 January 2013)
Other references
- http://www.kb.cert.org/vuls/id/625617
- https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013
- http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
- http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
- http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
- http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
- http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html
- http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html
- http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html
- https://blogs.oracle.com/security/entry/security_alert_for_cve_2013
- https://www.cve.org/CVERecord?id=CVE-2012-3174