Search for vulnerabilities
| Vulnerability ID | VCID-vgj3-f8bk-afdm |
| Aliases |
CVE-2012-1533
|
| Summary | JDK: unspecified vulnerability (Deployment) |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| epss | 0.65882 | https://api.first.org/data/v1/epss?cve=CVE-2012-1533 |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1533.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2012-1533 | ||
| 867187 | https://bugzilla.redhat.com/show_bug.cgi?id=867187 | |
| CVE-2012-1533;OSVDB-86348 | Exploit | http://pastebin.com/eUucVage |
| CVE-2012-1533;OSVDB-86348 | Exploit | https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/26123.rb |
| GLSA-201401-30 | https://security.gentoo.org/glsa/201401-30 | |
| RHSA-2012:1391 | https://access.redhat.com/errata/RHSA-2012:1391 | |
| RHSA-2012:1392 | https://access.redhat.com/errata/RHSA-2012:1392 | |
| RHSA-2012:1466 | https://access.redhat.com/errata/RHSA-2012:1466 | |
| RHSA-2012:1467 | https://access.redhat.com/errata/RHSA-2012:1467 | |
| RHSA-2013:1455 | https://access.redhat.com/errata/RHSA-2013:1455 | |
| RHSA-2013:1456 | https://access.redhat.com/errata/RHSA-2013:1456 | |
| USN-1619-1 | https://usn.ubuntu.com/1619-1/ |
| Data source | Exploit-DB |
|---|---|
| Date added | June 11, 2013 |
| Description | Java - Web Start Double Quote Injection Remote Code Execution (Metasploit) |
| Ransomware campaign use | Unknown |
| Source publication date | June 11, 2013 |
| Exploit type | remote |
| Platform | multiple |
| Source update date | June 11, 2013 |
| Source URL | http://pastebin.com/eUucVage |
| Data source | Metasploit |
|---|---|
| Description | This module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. Parameters initial-heap-size and max-heap-size in a JNLP file can contain a double quote which is not properly sanitized when creating the command line for javaw.exe. This allows the injection of the -XXaltjvm option to load a jvm.dll from a remote UNC path into the java process. Thus an attacker can execute arbitrary code in the context of a browser user. This flaw was fixed in Oct. 2012 and affects JRE <= 1.6.35 and <= 1.7.07. In order for this module to work, it must be run as root on a server that does not serve SMB (In most cases, this means non-Windows hosts). Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. Alternatively, a UNC path containing a jvm.dll can be specified, bypassing the Windows limitation for the Metasploit host. |
| Note | Reliability: - unknown-reliability Stability: - unknown-stability SideEffects: - unknown-side-effects |
| Ransomware campaign use | Unknown |
| Source publication date | Oct. 16, 2012 |
| Platform | Windows |
| Source URL | https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/browser/java_ws_double_quote.rb |
| Percentile | 0.98528 |
| EPSS Score | 0.65882 |
| Published At | May 29, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-05-29T10:11:13.326566+00:00 | RedHat Importer | Import | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1533.json | 38.6.0 |