This module abuses the Method Handle class from a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects Java version 7u7 and earlier.Timeline :
- Vulnerability patched by Oracle in 2012 October CPU
- Metasploit PoC provided the 2013-01-22
PoC provided by :
- Unknown
- juan vazquez
Reference(s) :
- CVE-2012-5088
- OSVDB-86352
- BID-56057
- Oracle October 2012 CPU
- New Java Modules in Metasploit… No 0 days this time
Affected version(s) :
- Oracle Java version 7 Update 7 and earlier.
Tested on Windows 8 Pro with :
- Internet Explorer 10
- Oracle Java 7 Update 7
Source : eromang.zataz.com
No comments:
Post a Comment