Lucene search

K
zdiBen MurphyZDI-13-041
HistoryMar 22, 2013 - 12:00 a.m.

Oracle Java doPrivilegedWithCombiner Security Manager Bypass Remote Code Execution Vulnerability

2013-03-2200:00:00
Ben Murphy
www.zerodayinitiative.com
14

0.044 Low

EPSS

Percentile

92.5%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or run a malicious file. The specific bypass exists within usage of MethodHandles invoking AccessController.doPrivilegedWithCombiner. This allows a malicious applet to execute attacker supplied code resulting in remote code execution under the context of the process.