Java Runtime Environment 1.7 Zero-Day Exploit Delivers Backdoor

From Botnets.fr
Revision as of 21:08, 1 February 2015 by Eric.freyssinet

Exploit kits: Gondad
Vulnerability: CVE-2012-4681
Date: 2012 / 2012-09-28
Editor/Conference: Trend Labs
Link: http://blog.trendmicro.com/java-runtime-environment-1-7-zero-day-exploit-delivers-backdoor/
Author: Manuel Gatbunton
Type: Blogpost

Abstract

An unpatched JRE 1.7/Java 7 zero-day vulnerability (CVE-2012-4681) was recently found to be exploited by a malicious .JAR file hosted on a specific site. Successful exploitation leads to the download of a backdoor, in effect allowing remote malicious users to execute their desired commands on the vulnerable system.

The zero-day exploit successfully runs in all versions of Internet Explorer, Firefox and Opera. According to testing done by Metasploit, the vulnerability also runs on Google Chrome and Safari.

Bibtex

 @misc{2012BFR455,
   editor = {Trend Labs},
   author = {Manuel Gatbunton},
   title = {Java Runtime Environment 1.7 Zero-Day Exploit Delivers Backdoor},
   date = {28},
   month = Sep,
   year = {2012},
   howpublished = {\url{http://blog.trendmicro.com/java-runtime-environment-1-7-zero-day-exploit-delivers-backdoor/}},
 }