This Metasploit module abuses the AverageRangeStatisticImpl from a Java Applet to run arbitrary Java code outside of the sandbox, a different exploit vector than the one exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.
d60e88d1c35ce2c590ccaca3bb69232e1fa72e0dc95b7d237cae3e89eaf0668aThis document is a detail analysis of the Java applet vulnerability as noted in CVE-2012-5076.
7eeb8ee0aa1f322c9171f7d50fdfb6981bdfe07f9917cd5cb594c930fb228140Red Hat Security Advisory 2012-1467-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
073319e9b784cd5873f2295d09afaa24f0cf1fbce8a32d3b9a830a65eed2065aThis Metasploit module abuses the JAX-WS classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.
84f8085a7aae3cc5d26830a695a8c574d4ef5c13dfc3a77061731b06b87041f1Ubuntu Security Notice 1619-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. Various other issues were also addressed.
01b5a462284182fc91534e669d352b638efb552e7d0ebbc4836b839b09d8b4eeRed Hat Security Advisory 2012-1391-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
3770f03a0ac3870330aa24ff9645cb6462a9572efa7139d66810106b5b74dee5Red Hat Security Advisory 2012-1386-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Libraries, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. The default Java security properties configuration did not restrict access to certain com.sun.org.glassfish packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. This update lists those packages as restricted.
7953072500e60f1a34d886169a7e764d3576d701739377834ad9c9a8a433fabc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed