Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-p127-f7pc-gfen
Vulnerability ID VCID-p127-f7pc-gfen
Aliases CVE-2012-1723
Summary Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution.
Status Published
Exploitability 2.0
Weighted Severity 8.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3.1 9.8 http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html
ssvc Act http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html
cvssv3.1 9.8 http://marc.info/?l=bugtraq&m=134496371727681&w=2
ssvc Act http://marc.info/?l=bugtraq&m=134496371727681&w=2
cvssv3.1 9.8 http://rhn.redhat.com/errata/RHSA-2012-0734.html
ssvc Act http://rhn.redhat.com/errata/RHSA-2012-0734.html
epss 0.94083 https://api.first.org/data/v1/epss?cve=CVE-2012-1723
epss 0.94083 https://api.first.org/data/v1/epss?cve=CVE-2012-1723
epss 0.94083 https://api.first.org/data/v1/epss?cve=CVE-2012-1723
cvssv3.1 9.8 http://secunia.com/advisories/51080
ssvc Act http://secunia.com/advisories/51080
cvssv3.1 9.8 http://security.gentoo.org/glsa/glsa-201406-32.xml
ssvc Act http://security.gentoo.org/glsa/glsa-201406-32.xml
cvssv3.1 9.8 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16259
ssvc Act https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16259
cvssv3.1 9.8 http://www.ibm.com/support/docview.wss?uid=swg21615246
ssvc Act http://www.ibm.com/support/docview.wss?uid=swg21615246
cvssv3.1 9.8 http://www.mandriva.com/security/advisories?name=MDVSA-2012:095
ssvc Act http://www.mandriva.com/security/advisories?name=MDVSA-2012:095
cvssv3.1 9.8 http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
ssvc Act http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
cvssv3.1 9.8 http://www.securityfocus.com/bid/53960
ssvc Act http://www.securityfocus.com/bid/53960
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1723.json
https://api.first.org/data/v1/epss?cve=CVE-2012-1723
019076.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html
51080 http://secunia.com/advisories/51080
53960 http://www.securityfocus.com/bid/53960
829373 https://bugzilla.redhat.com/show_bug.cgi?id=829373
advisories?name=MDVSA-2012:095 http://www.mandriva.com/security/advisories?name=MDVSA-2012:095
CVE-2012-1723;OSVDB-82877 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/19717.rb
docview.wss?uid=swg21615246 http://www.ibm.com/support/docview.wss?uid=swg21615246
GLSA-201401-30 https://security.gentoo.org/glsa/201401-30
GLSA-201406-32 https://security.gentoo.org/glsa/201406-32
javacpujun2012-1515912.html http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
?l=bugtraq&m=134496371727681&w=2 http://marc.info/?l=bugtraq&m=134496371727681&w=2
oval%3Aorg.mitre.oval%3Adef%3A16259 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16259
RHSA-2012:0729 https://access.redhat.com/errata/RHSA-2012:0729
RHSA-2012:0730 https://access.redhat.com/errata/RHSA-2012:0730
RHSA-2012:0734 https://access.redhat.com/errata/RHSA-2012:0734
RHSA-2012-0734.html http://rhn.redhat.com/errata/RHSA-2012-0734.html
RHSA-2012:1009 https://access.redhat.com/errata/RHSA-2012:1009
RHSA-2012:1019 https://access.redhat.com/errata/RHSA-2012:1019
USN-1505-1 https://usn.ubuntu.com/1505-1/
Data source Exploit-DB
Date added July 11, 2012
Description Java Applet - Field Bytecode Verifier Cache Remote Code Execution (Metasploit)
Ransomware campaign use Known
Source publication date July 11, 2012
Exploit type remote
Platform java
Source update date July 11, 2012
Data source KEV
Date added March 3, 2022
Description Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Hotspot.
Required action Apply updates per vendor instructions.
Due date March 24, 2022
Note 
https://nvd.nist.gov/vuln/detail/CVE-2012-1723
Ransomware campaign use Known
Data source Metasploit
Description This module exploits a vulnerability in HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checks. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations.
Note 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
Ransomware campaign use Unknown
Source publication date June 6, 2012
Platform Java,Linux,OSX,Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/java_verifier_field_access.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:23:25Z/ Found at http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://marc.info/?l=bugtraq&m=134496371727681&w=2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:23:25Z/ Found at http://marc.info/?l=bugtraq&m=134496371727681&w=2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2012-0734.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:23:25Z/ Found at http://rhn.redhat.com/errata/RHSA-2012-0734.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/51080
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:23:25Z/ Found at http://secunia.com/advisories/51080
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://security.gentoo.org/glsa/glsa-201406-32.xml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:23:25Z/ Found at http://security.gentoo.org/glsa/glsa-201406-32.xml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16259
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:23:25Z/ Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16259
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.ibm.com/support/docview.wss?uid=swg21615246
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:23:25Z/ Found at http://www.ibm.com/support/docview.wss?uid=swg21615246
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.mandriva.com/security/advisories?name=MDVSA-2012:095
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:23:25Z/ Found at http://www.mandriva.com/security/advisories?name=MDVSA-2012:095
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:23:25Z/ Found at http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/53960
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:23:25Z/ Found at http://www.securityfocus.com/bid/53960
Exploit Prediction Scoring System (EPSS)
Percentile 0.99904
EPSS Score 0.94083
Published At April 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:10:10.373056+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201406-32 38.0.0