You are here

V-143: Fresh Java issues being exploited in the wild

April 26, 2013 - 6:00am

Addthis

PROBLEM:

A new Metasploit module for the Java 7u17 sandbox bypass emerged

PLATFORM:

All versions of Java SE-7 (including the recently released 1.7.0_21-b11)

ABSTRACT:

Java issues are being exploited in the wild by exploit kits, with Cool and Redkit specifically being known to use these bugs, and others likely to follow shortly.

REFERENCE LINKS:

SecList SE-2012-01
Security Explorations

IMPACT ASSESSMENT:

Medium

DISCUSSION:

It can be used to achieve a complete Java security sandbox bypass on a target system.

IMPACT:

Manipulation of data
System access

SOLUTION:

Vendor recommends patch systems immediately

Addthis