Java MBeanInstantiator findClass and Introspector Sandbox Escape

2013-03-04T00:00:00
ID SAINT:9AD9476D8EB15E21C99160959F48E5D8
Type saint
Reporter SAINT Corporation
Modified 2013-03-04T00:00:00

Description

Added: 03/04/2013
CVE: CVE-2013-0431
BID: 57726
OSVDB: 89613

Background

Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets.

Problem

Java versions prior to 7 Update 13 are vulnerable to a sandbox security bypass due to a misuse of the java.lang.reflect.Method class by the com.sun.jmx.mbeanserver.Introspector class. When combined with the MBeanInstantiator findClass vulnerability from CVE-2013-0422, this may allow an attacker to embed malicious java applets into a webpage and have a payload of their choice execute on a victim's system while bypassing all security warnings.

Resolution

Apply the updates specified in the Oracle Java SE Critical Patch Update Advisory - February 2013.

References

<http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html>
<http://support.novell.com/security/cve/CVE-2013-0431.html>

Limitations

This exploit has been tested against Oracle JRE 7 Update 11 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Platforms

Windows