-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+------------------------------------------------------------------------------+
| Packet Storm Advisory 2013-0811-1                                            |
| http://packetstormsecurity.com/                                              |
+------------------------------------------------------------------------------+
| Title: Oracle Java storeImageArray() Invalid Array Indexing                  |
+--------------------+---------------------------------------------------------+
| Release Date       | 2013/08/11                                              |
| Advisory Contact   | Packet Storm (advisories@packetstormsecurity.com)       |
| Researcher         | Name Withheld                                           |
+--------------------+---------------------------------------------------------+
| System Affected    | Oracle Java                                             |
| Versions Affected  | Prior to 7u25                                           |
| Vendor Patched     | 2013/06/18                                              |
| Classification     | 0-day                                                   |
+--------------------+---------------------------------------------------------+

+----------+
| OVERVIEW |
+----------+

The release of this advisory provides exploitation details in relation to a
known patched vulnerability in Oracle Java. These details were obtained
through the Packet Storm Bug Bounty program and are being released to the
community.

+------------------------------------------------------------------------------+

+---------+
| DETAILS |
+---------+

Oracle Java versions prior to 7u25 suffer from an invalid array indexing
vulnerability that exists within the native storeImageArray() function inside
jre/bin/awt.dll. This vulnerability allows for remote code execution.
User interaction is required for this exploit in that the target must visit
a malicious page or open a malicious file.

+------------------------------------------------------------------------------+

+------------------+
| PROOF OF CONCEPT |
+------------------+

The full exploit code that pops calc.exe is available here:

http://packetstormsecurity.com/files/122777/
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/27526.tgz

+------------------------------------------------------------------------------+

+---------------+
| RELATED LINKS |
+---------------+

http://www.oracle.com/technetwork/java/javase/7u25-relnotes-1955741.html

+------------------------------------------------------------------------------+

+----------------+
| SHAMELESS PLUG |
+----------------+

The Packet Storm Bug Bounty program gives researchers the ability to profit
from their discoveries. You can get paid thousands of dollars for one day
and zero day exploits. Get involved by contacting us at
getpaid@packetstormsecurity.com or visit the bug bounty page at:

http://packetstormsecurity.com/bugbounty/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iEYEARECAAYFAlIIYEsACgkQrM7A8W0gTbFs0QCffnEpYjY5df7CO3eMnQQGnINg
jHMAn3eQUGgfWXg1nYMChmXpc7jKSm4m
=rLHj
-----END PGP SIGNATURE-----