BeyondTrust Zero Day Tracker

Your One-Stop Info Shop for Zero-Day Threat Education and Analysis

The BeyondTrust Research Team lives and breathes vulnerabilities every single day. Trust us to be your source for timely, accurate information on Zero-Day vulnerabilities.


What's the Zero-Day Tracker?

The tracker catalogs the latest Zero-Day vulnerabilities and provides detailed analysis of each, including affected software, severity level, potential impact, and mitigation and protection procedures.

Unspecified Remote Code Execution Vulnerability in Java 7

Date Disclosed: 01/10/201

Date Patched: No patch available.

Vendor: Oracle

Affected Software: Java 7u10 and earlier Java 7 versions

Description: An unspecified security bypass vulnerability within Java 7 allows for remote code execution. This vulnerability is being exploited in the wild and is being leveraged by exploit kits such as Blackhole, Cool Exploit Kit, Nuclear Pack, and Redkit. Successful exploitation allows an attacker to execute arbitrary code within the context of the currently logged-on user.

Severity:

Code Execution: Yes

Impact: Remote Code Execution
Exploitation of this vulnerability is possible through methods such as drive-by attacks. Remote attackers who successfully exploit this vulnerability will be able to execute code on a vulnerable system with the same rights as the currently logged-on user.

Mitigation: Disable Java 7.

Links: News - KrebsOnSecurity
Analysis - AlienVault Labs
Analysis - Kafeine, Malware Don't Need Coffee
Malware Code - DangerLab via Pastebin

Audits: 18000 - Oracle Java Security Bypass Remote Code Execution (Zero-Day) - Windows
18001 - Oracle Java Security Bypass Remote Code Execution (Zero-Day) - UNIX/Linux