oss-sec mailing list archives
Re: CVE Request: Java 7 code execution 0day
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 27 Aug 2012 19:15:34 -0600
On 08/27/2012 06:27 PM, David Jorm wrote:
> Hi All,
>
> A 0-day flaw exploited in the wild has been reported to affect Java 7:
>
> http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
> http://pastie.org/4594319
>
> This issue was confirmed to allow an unsigned applet to bypass Java applet restrictions and run arbitrary code on users' systems. A lot of public information is now available for this flaw:
>
> http://www.h-online.com/security/news/item/Warning-on-critical-Java-hole-1676219.html
> http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html
> https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day
> https://github.com/rapid7/metasploit-framework/commit/52ca1083c22de7022baf7dca8a1756909f803341
>
> This flaw does not have a CVE ID assigned. I contacted Oracle asking if they have assigned one, but got no response. Can someone please assign a CVE ID to this flaw?
>
> Thanks

Please use CVE-2012-3539 for this issue in Java from Oracle. Please note that additional CVEs may be issued if it is discovered that this issue affects other versions of Java/etc.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993