Application Security --- My Real Experiences and My Own Approaches: System Hacking by exploiting vulnerability of Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier.

Sunday, May 20, 2012

System Hacking by exploiting vulnerability of Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier.

Oracle Java SE versions mentioned above is prone to a remote code-execution vulnerability in Java Runtime Environment.

The vulnerability can be exploited over multiple protocols. This issue affects the 'Scripting' sub-component.

This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27 and earlier.

Here is the CVE update : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3544

Demonstration

I have prepared a demo to show How this vulnerability can be exploited to hack a system.

Visit direct link http://www.youtube.com/watch?v=FDiEZZ8xA3U is video is not clearly visible above.

Disclaimer : This video is made for public awareness purpose and author is not responsible for any misuse of this video.

Prevention :

Update the latest version of the components.

http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

Application Security --- My Real Experiences and My Own Approaches

Sunday, May 20, 2012

System Hacking by exploiting vulnerability of Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier.

No comments:

ZDI: Upcoming Advisories

Latest security vulnerabilities

HITBSecNews - Keeping Knowledge Free for Over a Decade

SANS Internet Storm Center, InfoCON: green

ZDI: Published Advisories

SC Magazine

Fortify Blog

FEEDJIT Live Traffic Feed