-----BEGIN PGP SIGNED MESSAGE-----
AUSCERT Security Bulletin
Oracle releases Security Alert for CVE-2012-4681
31 August 2012
AusCERT Security Bulletin Summary
Product: JDK and JRE 7 Update 6 and earlier
JDK and JRE 6 Update 34 and earlier
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
CVE Names: CVE-2012-4681 CVE-2012-3136 CVE-2012-1682
Member content until: Sunday, September 30 2012
Comment: Exploits of these vulnerabilities are currently being widely used in
malware kits and the details of the vulnerabilities are publicly
documented and freely available.
Oracle have released Security Alert for CVE-2012-4681 which corrects
this vulnerability and three others in Oracle Java SE. Many of these
vulnerabilities are being actively exploited. 
Oracle has published updates for the Oracle Java SE product group.
The exploitable vulnerabilities apply to client deployment of Java.
The vulnerabilities can be exploited through untrusted Java Web Start
applications and untrusted Java applets with the privilege of the
currently logged in user. This may include administrative privileges,
as is typical in Windows XP. 
Due to the high severity of these vulnerabilities, Oracle strongly
recommends that customers apply this Security Alert as soon as
 Oracle Security Alert for CVE-2012-4681
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: email@example.com
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----