CVE-2012-4681

ENISA EUVD: EUVD-2012-4606 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 20, 2026 2 articles Published: 2012-08-28

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

94.14%

probability

This CVE has a 94.14% probability of being exploited in the next 30 days.

0% Top 99.9th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

9.8

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

10.0

HIGH

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Description

VulnerabilityLookup (CNA)

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

Affected Products

n/a

oracle

jdk

oracle

jre

redhat

enterprise linux desktop

redhat

enterprise linux eus

redhat

enterprise linux server

n/a

Attack Intelligence

CWE-284 · Improper Access Control

Exploits & PoC

benjholla/CVE-2012-4681-Armoring

An A/V evasion armoring experiment for CVE-2012-4681

1 2017-03-02

ZH3FENG/PoCs-CVE_2012_4681

A Simple PoC for CVE-2012-4681

0 2018-01-05

2 repos — triés par ⭐ Rechercher sur GitHub ↗

http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html

x_refsource_MISC

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html

vendor-advisory x_refsource_SUSE

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html

vendor-advisory x_refsource_SUSE

http://www.us-cert.gov/cas/techalerts/TA12-240A.html

third-party-advisory x_refsource_CERT

http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/

x_refsource_MISC

http://marc.info/?l=bugtraq&m=135109152819176&w=2

vendor-advisory x_refsource_HP

Signal Intelligence

Confidenceⓘ

78%

EPSS 94.14%

CVSS v3.1 9.8

Mentions 2

CNA Information

CNA Assigner

mitre

Analyst Note

CVE-2012-4681 is a Java vulnerability explicitly documented as a zero-day being exploited in the wild by exploit packs before Oracle released patches. The articles directly reference active exploitation and concurrent patch release, meeting zero-day criteria despite limited metadata availability.

Threat Actors 1

Equation Group

apt_group Sabotage and destruction 🇺🇸 US

Triage Info

Decided atMar 20, 2026

Published DateAug 28, 2012