Java Exploits

New Java exploits are raining! I’m going to use this post to collect some data on them.

CVE-2013-1493 (Java 7 Update 15, Java 6 Update 41)
Date: February 2013
Pastebin:
Metasploit module:
Interesting blog postings:
http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html
http://krebsonsecurity.com/2013/03/new-java-0-day-attack-echoes-bit9-breach/

CVE-2013-0431 (Java 7 Update 11)
Date: February 2013
Pastebin: http://pastebin.com/QWU1rqjf
Metasploit module: exploit/multi/browser/java_jre17_jmxbean_2
Interesting blog postings:
http://security-obscurity.blogspot.it/2013/02/deobfuscating-java-7u11-exploit-from.html

CVE-2013-0422 (Java 1.7 Update 10)
Date: January 2013
Pastebin: http://pastebin.com/cUG2ayjh
Metasploit module: exploit/multi/browser/java_jre17_jmxbean
Interesting blog postings:
http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
https://community.rapid7.com/community/metasploit/blog/2013/01/11/omg-java-everybody-panic
http://www.reddit.com/r/netsec/comments/16b4n1/0day_exploit_fo_java_17u10_spotted_in_the_wild/
http://www.reddit.com/r/netsec/comments/ywbhq/new_java_0day_exploited_in_the_wild/
http://www.reddit.com/r/netsec/comments/16buer/source_code_for_the_java_7_0day/

CVE-2012-4681 (Java 7 Update 6)
Date: August 2012
Pastebin: http://pastie.org/4594319
Metasploit module: exploit/multi/browser/java_jre17_exec
Interesting blog postings:
http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html
https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day
http://krebsonsecurity.com/2012/08/attackers-pounce-on-zero-day-java-exploit/

CVE-2012-0507 (Java 7 Update 2, Java 6 Update 30)
Date: March 2012
Pastebin: http://pastebin.com/TtZSt4u4 and http://pastebin.com/ms5Sk009
Metasploit module: exploit/multi/browser/java_atomicreferencearray
Interesting blog postings:
https://community.rapid7.com/community/metasploit/blog/2012/03/29/cve-2012-0507–java-strikes-again
