This module abuses the AverageRangeStatisticImpl from a Java Applet to run arbitrary Java code outside of the sandbox, a different exploit vector than the one exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier. Timeline :
- Vulnerability patched by Oracle in 2012 October CPU
- Vulnerability discovered exploited in the wild by kafeine the 2012-11-09
- First Metasploit PoC provided the 2012-11-11
- Second Metasploit PoC provided the 2013-01-22
- Unknown
- juan vazquez
- CVE-2012-5076
- OSVDB-86363
- BID-56054
- Cool EK : “Hello my friend…”
- Oracle October 2012 CPU
- New Java Modules in Metasploit… No 0 days this time
- Oracle Java version 7 Update 7 and earlier.
- Internet Explorer 10
- Oracle Java 7 Update 7
No comments:
Post a Comment