Preemptive Protection against Oracle JRE Restrictions Bypass Remote Code Execution (CVE-2012-4681)

Vulnerability
Protection

Check Point Reference:	CPAI-2012-622
Date Published:
Preemptive Since:
Severity:
Source:	Rapid 7
Industry Reference(s):	CVE-2012-4681
Protection Provided by:	Security Gateway R75
Who is Vulnerable? Java Runtime Environment (JRE) Applications
Vulnerability Description Multiple remote code execution vulnerabilities have been reported in Oracle Java Runtime Environment (JRE).

Vulnerability Details
The vulnerabilities are due to restrictions bypass. A remote attacker can exploit these vulnerabilities by enticing a target user to open a malicious Java applet with the vulnerable application. Successful exploitation could allow an attacker to inject and execute code on the target.

Protection Overview
This protection will detect and block attempts to exploit these vulnerabilities.No update is required to address this vulnerabilityUsers are protected against this vulnerability if the Java Signed Applet protection found in the Protection section of SBP-2011-07 has been applied.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R75 / R71 / R70

How Can I Protect My Network?

In the IPS tab, click Protections and find the Java Signed Applet protection using the Search tool and Edit the protection's settings.
Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation
Attack Information: Java Signed Applet

Legal Notice for Threat Center Advisories