CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Metasploit Modules Related To Oracle JDK 1.7.0

CVE-2012-1533  Sun Java Web Start Double Quote Injection
This module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. Parameters intial-heap-size and max-heap-size in a JNLP file can contain a double quote which is not properly sanitized when creating the command line for javaw.exe. This allows the injection of the -XXaltjvm option to load a jvm.dll from a remote UNC path into the java process. Thus an attacker can execute arbitrary code in the context of a browser user. This flaw was fixed in Oct. 2012 and affects JRE <= 1.6.35 and <= 1.7.07. In order for this module to work, it must be run as root on a server that does not serve SMB (In most cases, this means non-Windows hosts). Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. Alternatively, a UNC path containing a jvm.dll can be specified, bypassing the Windows limitation for the Metasploit host.
Module type : exploit Rank : excellent Platforms : Windows
CVE-2012-4681  Java 7 Applet Remote Code Execution
The exploit takes advantage of two issues in JDK 7: The ClassFinder and MethodFinder.findMethod(). Both were newly introduced in JDK 7. ClassFinder is a replacement for classForName back in JDK 6. It allows untrusted code to obtain a reference and have access to a restricted package in JDK 7, which can be used to abuse sun.awt.SunToolkit (a restricted package). With sun.awt.SunToolkit, we can actually invoke getField() by abusing findMethod() in Statement.invokeInternal() (but getField() must be public, and that's not always the case in JDK 6) in order to access Statement.acc's private field, modify AccessControlContext, and then disable Security Manager. Once Security Manager is disabled, we can execute arbitrary Java code. Our exploit has been tested successfully against multiple platforms, including: IE, Firefox, Safari, Chrome; Windows, Ubuntu, OS X, Solaris, etc.
Module type : exploit Rank : excellent Platforms : Java,Linux,Windows
CVE-2012-5076  Java Applet AverageRangeStatisticImpl Remote Code Execution
This module abuses the AverageRangeStatisticImpl from a Java Applet to run arbitrary Java code outside of the sandbox, a different exploit vector than the one exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.
Module type : exploit Rank : excellent Platforms : Java,Linux,OSX,Windows
CVE-2012-5076  Java Applet JAX-WS Remote Code Execution
This module abuses the JAX-WS classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.
Module type : exploit Rank : excellent Platforms : Java,Windows
CVE-2012-5088  Java Applet Method Handle Remote Code Execution
This module abuses the Method Handle class from a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects Java version 7u7 and earlier.
Module type : exploit Rank : excellent Platforms : Java,Linux,OSX,Windows
CVE-2013-422  Java Applet JMX Remote Code Execution
This module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in January of 2013. The vulnerability affects Java version 7u10 and earlier.
Module type : exploit Rank : excellent Platforms : Java,Linux,OSX,Windows
CVE-2013-431  Java Applet JMX Remote Code Execution
This module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February of 2013. Additionally, this module bypasses default security settings introduced in Java 7 Update 10 to run unsigned applet without displaying any warning to the user.
Module type : exploit Rank : excellent Platforms : Java,Linux,OSX,Windows
CVE-2013-1493  Java CMM Remote Code Execution
This module abuses the Color Management classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February and March of 2013. The vulnerability affects Java version 7u15 and earlier and 6u41 and earlier and has been tested successfully on Windows XP SP3 and Windows 7 SP1 systems. This exploit doesn't bypass click-to-play, so the user must accept the java warning in order to run the malicious applet.
Module type : exploit Rank : normal Platforms : Java,Windows
CVE-2013-2423  Java Applet Reflection Type Confusion Remote Code Execution
This module abuses Java Reflection to generate a Type Confusion, due to a weak access control when setting final fields on static classes, and run code outside of the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This exploit bypasses click-to-play throw a specially crafted JNLP file. This bypass is applied mainly to IE, when Java Web Start can be launched automatically throw the ActiveX control. Otherwise the applet is launched without click-to-play bypass.
Module type : exploit Rank : excellent Platforms : Java,Linux,OSX,Windows
CVE-2013-2460  Java Applet ProviderSkeleton Insecure Invoke Method
This module abuses the insecure invoke() method of the ProviderSkeleton class that allows to call arbitrary static methods with user supplied arguments. The vulnerability affects Java version 7u21 and earlier.
Module type : exploit Rank : great Platforms : Java,Linux,OSX,Windows
CVE-2013-2465  Java storeImageArray() Invalid Array Indexing Vulnerability
This module abuses an Invalid Array Indexing Vulnerability on the static function storeImageArray() function in order to cause a memory corruption and escape the Java Sandbox. The vulnerability affects Java version 7u21 and earlier. The module, which doesn't bypass click2play, has been tested successfully on Java 7u21 on Windows and Linux systems.
Module type : exploit Rank : great Platforms : Java,Linux,Windows

Please note: Metasploit modules are only matched by CVE numbers. There may be other modules related to this product. Visit metasploit web site for more details
Total number of modules found = 11   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.