oss-sec mailing list archives

CVE Request: Java 7 code execution 0day


From: David Jorm <djorm () redhat com>
Date: Mon, 27 Aug 2012 20:27:07 -0400 (EDT)

Hi All

A 0-day flaw exploited in the wild has been reported to affect Java 7:

http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
http://pastie.org/4594319

This issue was confirmed to allow an unsigned applet to bypass Java applet restrictions and run arbitrary code on users'
systems. A lot of public information is now available for this flaw:

http://www.h-online.com/security/news/item/Warning-on-critical-Java-hole-1676219.html
http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html
https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day
https://github.com/rapid7/metasploit-framework/commit/52ca1083c22de7022baf7dca8a1756909f803341

This flaw does not have a CVE ID assigned. I contacted Oracle asking if they have assigned one, but got no response. 
Can someone please assign a CVE ID to this flaw?

Thanks
-- 
David Jorm / Red Hat Security Response Team

