BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Java Reflection API Remote Code Execution Vulnerability

Disclosed July 18, 2013    Fully Patched

Vulnerability Description:

A vulnerability in the Java Reflection API can be exploited by attackers to escape the sandbox and execute code remotely on a system running a vulnerable version of Java.

Vendors:

Oracle

Vulnerable Software/Devices:

Java SE 7 Update 25 (1.7.0_25-b16) and prior

Vulnerability Severity:

High

Exploit Availability:

N/A

Exploit Impact:

Remote Code Execution

Exploitation of this vulnerability is possible through methods such as drive-by attacks. Remote attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as the currently logged-on user.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 31080 - Oracle JRE/JDK Multiple Vulnerabilities (CPU-OCT-2013) - Windows - JDK
  • 31081 - Oracle JRE/JDK Multiple Vulnerabilities (CPU-OCT-2013) - Windows - JRE
  • 31082 - Oracle JRE/JDK Multiple Vulnerabilities (CPU-OCT-2013) - Linux - JDK
  • 31083 - Oracle JRE/JDK Multiple Vulnerabilities (CPU-OCT-2013) - Linux - JRE
  • 31084 - Oracle JRE/JDK Multiple Vulnerabilities (CPU-OCT-2013) - JavaFX

Mitigation:

Apply the Oracle October 2013 CPU.

Links:

CVE(s):

None
