Qualys Blog

www.qualys.com
wkandek

Exploit for Java 7u17 in Use in the Wild

In case you have not yet patched your Java installation to the latest version, Java 7u21, released last Tuesday, April 16, here are three reasons to do so quickly:

  • On April 17, POC code for one of the vulnerabilities fixed in 7u21 (CVE-2013-2423, affecting 7u17 and earlier) was published by Jeroen Frijters, who discovered the vulnerability originally and was credited by Oracle in their release announcement
  • On April 20, a Metasploit module was released that builds on the POC code for CVE-2013-2423 and allows penetration testers to attack Java 7u17 and take control of the targeted machine
  • On April 21, F-Secure published a blog post saying that they are detecting attacks in the wild against that same vulnerability, using code whose structures carry names similar to those in the original POC code and the Metasploit module

If you need Java, you should patch now. If this is not possible, disconnect Java from the browser (disable the Java plug-in), as the attack code in circulation uses the browser as its delivery vector.
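To act on the advice above you first need to know which hosts still run a Java 7 build older than 7u21. The following is an added example, not code from the Qualys post, that parses `java -version` output (the JVM prints it to stderr) and classifies each host; the host names and version strings in `SAMPLE_OUTPUTS` are constructed for the example, and the threshold of update 21 is taken from the post. Java 6 builds are reported separately rather than judged, since the post only discusses Java 7.

```python
import re
import shutil
import subprocess

# Java 7 update that ships the fix discussed in the post (7u21).
FIXED_JAVA7_UPDATE = 21

# Constructed sample `java -version` outputs, one per hypothetical host,
# so the check can be exercised offline. Not captured from real systems.
SAMPLE_OUTPUTS = {
    "host-a": 'java version "1.7.0_17"\n'
              'Java(TM) SE Runtime Environment (build 1.7.0_17-b02)\n'
              'Java HotSpot(TM) 64-Bit Server VM (build 23.7-b01, mixed mode)\n',
    "host-b": 'java version "1.7.0_21"\n'
              'Java(TM) SE Runtime Environment (build 1.7.0_21-b11)\n',
    # GA release of Java 7 with no update number at all: older than 7u17.
    "host-c": 'java version "1.7.0"\n'
              'Java(TM) SE Runtime Environment (build 1.7.0-b147)\n',
    "host-d": 'java version "1.6.0_45"\n'
              'Java(TM) SE Runtime Environment (build 1.6.0_45-b06)\n',
    "host-e": 'bash: java: command not found\n',
}

# Legacy naming: "1.7.0_17" means Java 7 update 17. The update suffix is optional.
VERSION_RE = re.compile(r'(?:java|openjdk) version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(output):
    """Return (major, update) parsed from `java -version` text, or None.

    For "1.7.0_17" this is (7, 17); for "1.7.0" the update defaults to 0.
    """
    m = VERSION_RE.search(output)
    if not m:
        return None
    first, second, _, update = m.groups()
    # "1.x.y" is the pre-Java-9 scheme where x is the real major version.
    major = int(second) if int(first) == 1 else int(first)
    return major, (int(update) if update else 0)


def assess(output):
    """Classify one host's output: vulnerable, patched, not-java-7 or no-java."""
    version = parse_java_version(output)
    if version is None:
        return "no-java"
    major, update = version
    if major != 7:
        return "not-java-7"
    return "patched" if update >= FIXED_JAVA7_UPDATE else "vulnerable"


def assess_fleet(outputs):
    """Map each host name to its classification."""
    return {host: assess(text) for host, text in outputs.items()}


def local_java_version_output():
    """Run `java -version` on this machine and return its (stderr) text."""
    java = shutil.which("java")
    if java is None:
        return ""
    proc = subprocess.run([java, "-version"], capture_output=True, text=True)
    return proc.stderr + proc.stdout


if __name__ == "__main__":
    for host, verdict in sorted(assess_fleet(SAMPLE_OUTPUTS).items()):
        print(f"{host}: {verdict}")
    print("this machine:", assess(local_java_version_output()))
```

Feeding the script collected `java -version` output from your inventory tool gives a quick list of hosts that still need 7u21 or the browser plug-in disabled; a host that reports no `java` on its PATH may still have a browser plug-in installed, so treat "no-java" as unknown rather than clean.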

This exploit is unrelated to a new vulnerability in Java 7u21, the latest available version, that Adam Gowdiak of Security Explorations submitted to the Oracle Security Team on April 22. The details of that vulnerability are being kept private and no exploits for it are known.
