JavaFX Vulnerability in Oracle Java SE Affects Security and Functionality
CVE-2012-4305

Currently unrated

Key Information:

Vendor: Oracle
Status: Javafx
Vendor: CVE Published:; 2 February 2013

Summary

An unspecified vulnerability in the JavaFX component of Oracle Java SE versions 2.2.4 and earlier allows remote attackers to impact confidentiality, integrity, and availability through unknown vectors. This issue can potentially enable remote code execution due to an 'invalid type cast' and exploitation of native methods within the T2KGlyph class. Such vulnerabilities may pose serious risks, allowing attackers to manipulate or interfere with Java applications running the affected versions.

References

http://www.verisigninc.com/en_US/products-and-services/ne...

third-party-advisoryx_refsource_IDEFENSE

http://www.us-cert.gov/cas/techalerts/TA13-032A.html

third-party-advisoryx_refsource_CERT

http://www.kb.cert.org/vuls/id/858729

third-party-advisoryx_refsource_CERT-VN

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 2, 2013
Vulnerability Reserved
Aug 14, 2012