Message-ID: <0fKn/hC1ni5ONtGtiW9paWRwDJk@OEL+AGsq2qOfta3tVB3M+FMK4kc>
Date: Wed, 29 Aug 2012 18:24:19 +0400
From: Eygene Ryabinkin <rea-sec@...elabs.ru>
To: oss-security@...ts.openwall.com
Cc: David Jorm <djorm@...hat.com>,
	"Steven M. Christey" <coley@...us.mitre.org>, hdm@...asploit.com,
	jdrake@...p.org
Subject: Re: CVE Request: Java 7 code execution 0day

Mon, Aug 27, 2012 at 07:52:57PM -0600, Kurt Seifried wrote:
> ======================================================
> Name: CVE-2012-4681
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4681 [Open
[...]
> Oracle Java 7 Update 6, and possibly other versions, allows remote
> attackers to execute arbitrary code via a crafted applet, as exploited
> in the wild in August 2012 using Gondzz.class and Gondvv.class.

According to
  http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-August/020065.html
OpenJDK <= 7u4-b31 is also affected.
-- 
Eygene
