Oracle Java Runtime Hotspot Bytecode Verifier Type Confusion

2012-07-23T00:00:00
ID SAINT:AC0FD49ED1D431C39796A2464B457CF8
Type saint
Reporter SAINT Corporation
Modified 2012-07-23T00:00:00

Description

Added: 07/23/2012
CVE: CVE-2012-1723
BID: 53960
OSVDB: 82877

Background

Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This makes it well suited to applications that must run on various hardware platforms, such as web applets.

Problem

A type confusion vulnerability in the bytecode verifier of the Hotspot subcomponent of the Java Runtime Environment could allow a remote attacker to execute arbitrary code if a user is tricked into opening a web page with a specially crafted applet.

Resolution

Apply the patches as directed in the Oracle Java SE Critical Patch Update Advisory - June 2012.

References

<http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3>

Limitations

This exploit was tested against Oracle JRE 6 Update 32 and JRE 7 Update 4 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The target user must open the exploit file in Internet Explorer 8 or 9.

Platforms

Windows