Monday, August 27, 2012

Java 7 0-day vulnerability analysis

Here is our second article about the Java 7 0-day vulnerability. Read more at
Considering that Rapid 7 has posted a working exploit, that its addition to the exploit packs is imminent ("Attackers Pounce on Zero-Day Java Exploit" by Brian Krebs), and that other analysis articles are being published, such as "New Java 0day exploited in the wild" by Alienvault, we decided that withholding details of the exploit would not offer additional protection and would only hinder the development of protection and signatures.

As we mentioned earlier, we contacted Michael Schierl, the Java expert who discovered a number of Java vulnerabilities, and asked him to have a look. He sent back his detailed analysis, the exploit source, and the interim patch with the source code of the patched class.

Patch request:
  • Interim patch with the source code of the patched class. See the Readme of the patch in the previous post (thanks to Michael Schierl). 
Email from your company email address to admin <at>  and explain the planned use, please.
