CVE-2013-2423 Java Vulnerability Exploit ITW | Posted by SecResponse @ 14:36 GMT |
A few days after Oracle released its critical patch for Java, and CVE-2013-2423 is already being exploited. Upon checking the history, the exploitation seems to have begun on April 21st and is still actively happening (as of this post):
For a closer look, the image below contains a comparison of the classes found in the Metasploit module and that of the ITW sample:
Interestingly, the Metasploit module was published on the 20th, and as mentioned earlier, the exploit was seen in the wild the day after.
Information about the PoC can be found here.
Files are detected as Exploit:Java/Majava.B.
Sample hashes:
1a3386cc00b9d3188aae69c1a0dfe6ef3aa27bfa
23acb0bee1efe17aae75f8138f885724ead1640f
Post by — Karmina and @Timo
For a closer look, the image below contains a comparison of the classes found in the Metasploit module and that of the ITW sample:
Interestingly, the Metasploit module was published on the 20th, and as mentioned earlier, the exploit was seen in the wild the day after.
Information about the PoC can be found here.
Files are detected as Exploit:Java/Majava.B.
Sample hashes:
1a3386cc00b9d3188aae69c1a0dfe6ef3aa27bfa
23acb0bee1efe17aae75f8138f885724ead1640f
Post by — Karmina and @Timo
沒有留言:
張貼留言