oss-sec mailing list archives

Re: CVE Request: Java 7 code execution 0day


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 27 Aug 2012 19:15:34 -0600

On 08/27/2012 06:27 PM, David Jorm wrote:
> Hi All
>
> A 0-day flaw exploited in the wild has been reported to affect Java
> 7:
>
> http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
>
> http://pastie.org/4594319
>
> This issue was confirmed to allow an unsigned applet to bypass Java
> applet restrictions and run arbitrary code on users' systems. A lot
> of public information is now available for this flaw:
>
> http://www.h-online.com/security/news/item/Warning-on-critical-Java-hole-1676219.html
>
> http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html
> https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day
>
> https://github.com/rapid7/metasploit-framework/commit/52ca1083c22de7022baf7dca8a1756909f803341
>
> This flaw does not have a CVE ID assigned. I contacted Oracle
> asking if they have assigned one, but got no response. Can someone
> please assign a CVE ID to this flaw?
>
> Thanks

Please use CVE-2012-3539 for this issue in Java from Oracle. Please
note that additional CVEs may be issued if it is discovered that this
issue affects other versions of Java/etc.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
