Oracle Java contains a flaw related to the handling of applets. The issue is triggered due to the SunToolkit (part of sun.awt.* and packaged in rt.jar) providing a method with executes privileged operations and returns a reference to a Field object. The method can also call setAccessible(true) on the field allowing it to disable a 'final' or 'private' directive. With a crafted applet, a context-dependent attacker can use this method to execute arbitrary code.

Upgrade Java SE to version 7 Update 7 or higher or 6 Update 35 or higher, as they have been reported to fix this vulnerability. It is also possible to limit the attack surface for the flaw by disabling Java in your browser.

• Security Tracker: 1027447
• Related OSVDB ID:
• CVE ID: 2012-3539 (see also: NVD) 2012-4681 (see also: NVD)
• Exploit Database: 20865
• Secunia Advisory ID: 50133 50469 50498 50545 50607 50629 50723 51044
• Bugtraq ID: 55213
• ISS X-Force ID: 77972
• Other Advisory URL: http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
  http://eromang.zataz.com/2012/10/27/funny-and-efficient-anti-virus-bypass-packed-java-applets-exploits-cve-2012-4681-in-the-wild/
  http://immunityproducts.blogspot.com.ar/2012/08/java-0day-analysis-cve-2012-4681.html
  http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/
  http://thexploit.com/sec/java-facepalm-suntoolkit-getfield-vulnerability/
  http://twitter.com/MarkWuergler/statuses/233919816463941632
  http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html
  http://www.kahusecurity.com/2012/crimeboss-exploit-pack/
  https://www.virustotal.com/file/09d10ae0f763e91982e1c276aad0b26a575840ad986b8f53553a4ea0a948200f/analysis/
• Generic Exploit URL: http://downloads.securityfocus.com/vulnerabilities/exploits/55213.java
• Vendor Specific News/Changelog Entry: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03533078
  http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html
  http://www.ibm.com/developerworks/java/jdk/alerts/
• News Article: http://krebsonsecurity.com/2012/08/attackers-pounce-on-zero-day-java-exploit/
  http://www.pcworld.com/businesscenter/article/261484/unpatched_java_vulnerability_exploited_in_targeted_attacks_researchers_say.html
  http://www.techworld.com.au/article/434757/unpatched_java_vulnerability_exploited_targeted_attacks_researchers_say/
  http://www.zdnet.com/au/java-zero-day-allegedly-spotted-in-the-wild-7000003200/
• Vendor Specific Advisory URL: http://lists.apple.com/archives/security-announce/2012/Sep/msg00000.html
  http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
  http://www2.schneider-electric.com/resources/sites/SCHNEIDER_ELECTRIC/content/live/FAQS/162000/FA162073/en_US/Java%20Vulnerability%20(CVE-2012-4681)%20Advisory.pdf
• Mail List Post: http://seclists.org/bugtraq/2012/Nov/16
• RedHat RHSA: RHSA-2012:1223 RHSA-2012:1225 RHSA-2012:1289

• Not Available