CVE-2012-5076 Java Applet JAX-WS Remote Code Execution Metasploit Demo

Share it with your friends Like

Thanks! Share it with your friends!


Blog :
Twitter :

Timeline :
Vulnerability patched by Oracle in 2012 October CPU
Vulnerability discovered exploited in the wild by kafeine the 2012-11-09
Metasploit PoC provided by juan vazquez the 2012-11-11

PoC provided by:
juan vazquez

Reference(s) :
Cool EK : “Hello my friend…”

Affected versions Java 1.7.0_07-b10 and earlier

Tested on Windows XP Pro SP3 with Java 1.7.0_07-b10

Description :
This module abuses the JAX-WS classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.

More informations on


Write a comment