Very annoying false positive for Java application

Hello,

we are running a Java application on the desktop, and it is reported as an exploit and blocked. This is highly annoying.

Screenshots:
http://botcompany.de/1004590/raw/1101872
http://botcompany.de/1004590/raw/1101873

Program: https://botcompany.de/files/1400242/auto-jump-cutter-0.1.jar

The reported exploit relates to Java applets which try to break out of a sandbox using a JDK 7 vulnerability. However, we are running a native desktop application here, so there is no sandbox to begin with. This message should never even appear for any desktop application.

The only “nefarious” thing the program does is opening a local port in order to communicate with instances of itself on the same machine. It also compiles its own Java code, but why would that be a problem? As said before, the “exploit” doesn’t even apply logically.

It’s open-source software too and really doesn’t do anything bad.

Please fix this, this is really important.

you find how to report it info here:
https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier)
Avast Free/Pro/IS/Premier topics and issues, not viruses or false alarms here!

Use Viruses and worms section

https://www.virustotal.com/gui/file/a29f4c1f68060a4d81742978f17712295603e194cc00d780159f22b0b4991c16/detection

Detection Java:CVE-2012-4681-KH [Expl] is legit.

Our virus specialists have been working on this problem and they informed me that this detection is correct.

For future reference you might also find the following articles to be useful: