Is CVE-2012-4681 actively exploited?

CVE-2012-4681 has no public evidence of in-the-wild exploitation as of 2025-10-22.

What is the CVSS score for CVE-2012-4681?

CVE-2012-4681 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2012-4681?

Patch guidance is available from oracle security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2012-4681.

Fix CVE-2012-4681 - CRITICAL oracle jdk

Q: Which products are affected by CVE-2012-4681?

85 products: oracle jdk, oracle jdk, oracle jdk, oracle jdk, oracle jdk, and 80 more.

Description

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: NVD-CWE-noinfoCWE-284

Metadata

Primary Vendor: ORACLE
Published: 8/28/2012
Last Modified: 10/22/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

oracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jdkoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreoracle : jreredhat : enterprise_linux_desktopredhat : enterprise_linux_eusredhat : enterprise_linux_serverredhat : enterprise_linux_workstation

Remediation Guidance

Executive Summary

View on NIST NVD