CVE-2012-5076 Java Applet JAX-WS Remote Code Execution Metasploit Demo

Blog : http://eromang.zataz.com
Twitter : http://twitter.com/eromang

Timeline :
Vulnerability patched by Oracle in the October 2012 CPU
Vulnerability discovered exploited in the wild by kafeine on 2012-11-09
Metasploit PoC provided by juan vazquez on 2012-11-11

PoC provided by:
Unknown
juan vazquez

Reference(s) :
CVE-2012-5076
OSVDB-86363
BID-56054
Cool EK : “Hello my friend…”

Affected versions: Java 1.7.0_07-b10 and earlier

Tested on Windows XP Pro SP3 with Java 1.7.0_07-b10

Description :
This module abuses the JAX-WS classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.

More information at http://eromang.zataz.com/2012/11/12/cve-2012-5076-java-applet-jax-ws-remote-code-execution-metasploit-demo/
