Oracle JavaFX CVE-2012-0508 Remote Code Execution Vulnerability
BID:52010
Info
Oracle JavaFX CVE-2012-0508 Remote Code Execution Vulnerability
| Bugtraq ID: | 52010 |
| Class: | Unknown |
| CVE: |
CVE-2012-0508 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 14 2012 12:00AM |
| Updated: | Aug 31 2012 04:30PM |
| Credit: | Oracle |
| Vulnerable: |
VMWare ESX 4.1 Sun JavaFX 1.3 Sun JavaFX 1.2.2 HP HP-UX B.11.31 HP HP-UX B.11.23 HP HP-UX B.11.11 Avaya Voice Portal 5.1.2 Avaya Voice Portal 5.1.1 Avaya Voice Portal 5.1 SP1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.0 SP2 Avaya Voice Portal 5.0 SP1 Avaya Voice Portal 5.0 Avaya Proactive Contact 5.0 Avaya Proactive Contact 4.2.2 Avaya Proactive Contact 4.2.1 Avaya Proactive Contact 4.2 Avaya Messaging Storage Server 5.2.8 Avaya Messaging Storage Server 5.2.2 Avaya Messaging Storage Server 5.2 SP3 Avaya Messaging Storage Server 5.2 SP2 Avaya Messaging Storage Server 5.2 SP1 Avaya Messaging Storage Server 5.2 Avaya Messaging Application Server 5.2 Avaya Message Networking 5.2.1 Avaya Message Networking 5.2.4 Avaya Message Networking 5.2.3 Avaya Message Networking 5.2.2 Avaya Message Networking 5.2 SP1 Avaya Message Networking 5.2 Avaya Meeting Exchange 5.0 .0.52 Avaya Meeting Exchange 5.2 SP2 Avaya Meeting Exchange 5.2 SP1 Avaya Meeting Exchange 5.2 Avaya Meeting Exchange 5.1 SP1 Avaya Meeting Exchange 5.1 Avaya Meeting Exchange 5.0 SP2 Avaya Meeting Exchange 5.0 SP1 Avaya Meeting Exchange 5.0 Avaya IR 4.0 Avaya IQ 5.2 Avaya IQ 5.1.1 Avaya IQ 5.1 Avaya IQ 5 Avaya IP Office Application Server 8.0 Avaya IP Office Application Server 7.0 Avaya IP Office Application Server 6.1 Avaya Communication Manager 5.1.2 Avaya Communication Manager 5.2 Avaya Communication Manager 5.1 Avaya Communication Manager 5.0 SP3 Avaya Communication Manager 5.0 Avaya Call Management System R 16.0 Avaya Call Management System R 15.0 Avaya Aura System Platform 6.0.2 Avaya Aura System Platform 6.0.1 Avaya Aura System Platform 6.0 SP3 Avaya Aura System Platform 6.0 SP2 Avaya Aura System Platform 6.0 Avaya Aura System Platform 1.1 Avaya Aura System Manager 6.1.3 Avaya Aura System Manager 6.1.2 Avaya Aura System Manager 6.1.1 Avaya Aura System Manager 6.1 SP2 Avaya Aura System Manager 6.1 Sp1 Avaya Aura System Manager 6.1 Avaya Aura System Manager 6.0 SP1 Avaya Aura System Manager 6.0 Avaya Aura System Manager 5.2 Avaya Aura SIP Enablement Services 5.2.1 Avaya Aura SIP Enablement Services 5.2 Avaya Aura SIP Enablement Services 5.1 Avaya Aura SIP Enablement Services 5.0 Avaya Aura SIP Enablement Services 4.0 Avaya Aura Session Manager 6.1.3 Avaya Aura Session Manager 6.1.2 Avaya Aura Session Manager 6.1.1 Avaya Aura Session Manager 6.1 SP2 Avaya Aura Session Manager 6.1 Sp1 Avaya Aura Session Manager 6.1 Avaya Aura Session Manager 6.0 SP1 Avaya Aura Session Manager 6.0 Avaya Aura Session Manager 5.2 SP2 Avaya Aura Session Manager 5.2 SP1 Avaya Aura Session Manager 5.2 Avaya Aura Session Manager 1.1 Avaya Aura Presence Services 6.1.1 Avaya Aura Presence Services 6.1 Avaya Aura Presence Services 6.0 Avaya Aura Messaging 6.1 Avaya Aura Messaging 6.0.1 Avaya Aura Messaging 6.0 Avaya Aura Experience Portal 6.0 Avaya Aura Conferencing 6.0 Standard Avaya Aura Conferencing 6.0 Standard Avaya Aura Conferencing 6.0 SP1 Standard Avaya Aura Communication Manager Utility Services 6.2 Avaya Aura Communication Manager Utility Services 6.1 Avaya Aura Application Server 5300 SIP Core 2.0 Avaya Aura Application Enablement Services 5.2.1 Avaya Aura Application Enablement Services 6.1.1 Avaya Aura Application Enablement Services 6.1 Avaya Aura Application Enablement Services 5.2.3 Avaya Aura Application Enablement Services 5.2.2 Avaya Aura Application Enablement Services 5.2 |
| Not Vulnerable: | |
Discussion
Oracle JavaFX CVE-2012-0508 Remote Code Execution Vulnerability
Oracle JavaFX is prone to a remote code execution vulnerability.
The vulnerability can be exploited by enticing a user to open a malicious web page or a crafted file.
This vulnerability affects the following supported versions:
JavaFX 1.3.0 and JavaFX 1.2.2
Oracle JavaFX is prone to a remote code execution vulnerability.
The vulnerability can be exploited by enticing a user to open a malicious web page or a crafted file.
This vulnerability affects the following supported versions:
JavaFX 1.3.0 and JavaFX 1.2.2
Exploit / POC
Oracle JavaFX CVE-2012-0508 Remote Code Execution Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Oracle JavaFX CVE-2012-0508 Remote Code Execution Vulnerability
Solution:
Vendor updates are available. Please contact the vendor for more information.
Solution:
Vendor updates are available. Please contact the vendor for more information.
References
Oracle JavaFX CVE-2012-0508 Remote Code Execution Vulnerability
References:
References:
- HPSBUX02805 SSRT100919 rev.1 - HP-UX Running Java, Remote Unauthorized Access, D (HP)
- ASA-2012-128:Oracle Java Critical Update Combined CVEs (February 2012) (Avaya)
- HPSBMU02797 SSRT100867 rev.1 (HP)
- Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability (HP)
- Oracle Java SE Critical Patch Update Advisory - February 2012 (Oracle)
- VMSA-2012-0013 (VMWare)