CVE-2012-1543 - OpenCVE

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an invalid type cast in the JSObject class.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:H/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oracle	Javafx

Configuration 1 [-]

OR	cpe:2.3:a:oracle:javafx::::::::
	cpe:2.3:a:oracle:javafx:2.0:::::::*
	cpe:2.3:a:oracle:javafx:2.0.2:::::::*
	cpe:2.3:a:oracle:javafx:2.0.3:::::::*
	cpe:2.3:a:oracle:javafx:2.1:::::::*
	cpe:2.3:a:oracle:javafx:2.2:::::::*
	cpe:2.3:a:oracle:javafx:2.2.3:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://www.kb.cert.org/vuls/id/858729
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
http://www.us-cert.gov/cas/techalerts/TA13-032A.html
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1026
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16673

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-02-02T00:00:00

Updated: 2024-08-06T19:01:02.622Z

Reserved: 2012-03-08T00:00:00

Link: CVE-2012-1543

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-02-02T00:55:01.130

Modified: 2017-09-19T01:34:46.997

Link: CVE-2012-1543

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-02-01T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an invalid type cast in the JSObject class."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "TA13-032A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html"}, {"name": "VU#858729", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/858729"}, {"name": "HPSBMU02874", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "20130201 Oracle Java SE JavaFx JSObject Invalid Type Cast Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1026"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"}, {"name": "oval:org.mitre.oval:def:16673", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16673"}, {"name": "SSRT101184", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1543", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an invalid type cast in the JSObject class."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "TA13-032A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html"}, {"name": "VU#858729", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/858729"}, {"name": "HPSBMU02874", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "20130201 Oracle Java SE JavaFx JSObject Invalid Type Cast Vulnerability", "refsource": "IDEFENSE", "url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1026"}, {"name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"}, {"name": "oval:org.mitre.oval:def:16673", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16673"}, {"name": "SSRT101184", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:01:02.622Z"}, "title": "CVE Program Container", "references": [{"name": "TA13-032A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html"}, {"name": "VU#858729", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/858729"}, {"name": "HPSBMU02874", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "20130201 Oracle Java SE JavaFx JSObject Invalid Type Cast Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1026"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"}, {"name": "oval:org.mitre.oval:def:16673", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16673"}, {"name": "SSRT101184", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1543", "datePublished": "2013-02-02T00:00:00", "dateReserved": "2012-03-08T00:00:00", "dateUpdated": "2024-08-06T19:01:02.622Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:javafx:*:*:*:*:*:*:*:*", "matchCriteriaId": "900995E9-D131-451F-AE5C-BEDA1E8E13A3", "versionEndIncluding": "2.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:javafx:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "64BDB79F-96E0-43A4-81CD-BADF0B039006", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:javafx:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "EC0E861D-AEBC-46EF-8CA6-CF7DE2518DB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:javafx:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EB4477BB-9B0A-4874-9A5B-1B6193DC94E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:javafx:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BBA3A1CE-1531-426A-A600-4DD6FB63D01A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:javafx:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1E2179A9-513A-46AA-BC4D-ED988B38650F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:javafx:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "F37311B5-5404-435B-BBB6-76DA3EA19730", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an invalid type cast in the JSObject class."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en el componente JavaFX en Oracle Java SE JavaFX 2.2.4 y anteriores, permite a atacantes remotos comprometer la integridad, disponibilidad y confidencialidad a trav\u00e9s de vectores no especificados. Vulnerabilidad distinta de otros CVEs listados en febrero de 2003."}], "evaluatorComment": "Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html\r\n\r\n\"Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)\"", "id": "CVE-2012-1543", "lastModified": "2017-09-19T01:34:46.997", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-02-02T00:55:01.130", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/858729"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html"}, {"source": "cve@mitre.org", "url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1026"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16673"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}