CVE-2012-4681: Let's start the week with a new Java 0-day in Metasploit

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using “reflection with a trusted immediate caller” to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

  • Aug 27, 2012
  • Wei Chen

Last updated at Tue, 25 Jul 2017 13:55:46 GMT

Late Sunday night, the Metasploit Exploit team was looking for kicks and heard the word on the street that someone was passing around a reliable Java 0-day exploit. Big thanks to Joshua J. Drake (jduck): we got our hands on that PoC and then, once again, started our voodoo ritual. Within a couple of hours, we had a working exploit. Download Metasploit here, and apply the latest update to pick up the exploit.

The above example is a successful attack against a fully patched Windows 7 SP1 with Java 7 Update 6. We have also tested the module against the following environments:

  • Mozilla Firefox on Ubuntu Linux 10.04
  • Internet Explorer / Mozilla Firefox / Chrome on Windows XP
  • Internet Explorer / Mozilla Firefox on Windows Vista
  • Internet Explorer / Mozilla Firefox on Windows 7
  • Safari on OS X 10.7.4

As a user, you should take this problem seriously, because there is currently no patch from Oracle. For now, our recommendation is to completely disable Java until a fix is available. NOTE: A fix is now available (Java 7 Update 7); please patch your system ASAP!
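To check hosts against the affected range stated above (Java SE 7 Update 6 and earlier, fixed in Java 7 Update 7), the following added example, which is not part of the original post or of Metasploit, classifies captured `java -version` output. Host names and sample outputs are constructed, and Java families other than 7 are reported as not evaluated because this check only covers the Java 7 update numbers the post names.

```python
import re

# Legacy version string printed by `java -version`, e.g.
#   java version "1.7.0_06"
# The "_NN" update suffix is absent on the initial (GA) release.
_VERSION_RE = re.compile(r'version "1\.(\d+)\.0(?:_(\d+))?[^"]*"')

FIXED_UPDATE = 7  # Java 7 Update 7, the fix named in the post


def parse_java_version(output):
    """Return (family, update) parsed from `java -version` output, or None."""
    match = _VERSION_RE.search(output)
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2) or 0)


def classify(output):
    """Classify one host's `java -version` output against CVE-2012-4681."""
    parsed = parse_java_version(output)
    if parsed is None:
        return "unparsed"          # no Java found, or an unknown format
    family, update = parsed
    if family != 7:
        return "not-evaluated"     # this check only covers the Java 7 family
    return "vulnerable" if update < FIXED_UPDATE else "patched"


def triage(inventory):
    """Map each host name to its classification."""
    return {host: classify(out) for host, out in inventory.items()}


# Constructed sample inventory (hypothetical hosts, illustrative output).
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_06"\nJava(TM) SE Runtime Environment (build 1.7.0_06-b24)',
    "ws-02": 'java version "1.7.0_07"\nJava(TM) SE Runtime Environment (build 1.7.0_07-b10)',
    "ws-03": 'java version "1.7.0"\nJava(TM) SE Runtime Environment (build 1.7.0-b147)',
    "ws-04": 'java version "1.6.0_34"',
    "ws-05": "sh: java: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

The check keys on the version string only; a host that reports "patched" may still have older JRE copies installed elsewhere on disk or registered as browser plug-ins.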

To try out this exploit: Get your free Metasploit download now, or update your existing installation. Meanwhile, we will keep this blog updated as more progress is made.

Aug 28 2012: This vulnerability has been assigned CVE-2012-4681.

Aug 30 2012: Oracle has released Java 7 Update 7.

Wei is a Rapid7 veteran and an all-time top committer for the Metasploit Framework. Now a lead offensive security researcher for Metasploit, he specializes in vuln analysis and exploit development.
