Exploited by the Fancy Bear APT.
This was quite useful in Pawn Storm, as it used exploits targeting these vulnerabilities to carry out targeted attacks against North Atlantic Treaty Organization (NATO) members and the White House earlier this year.
Vulnerability details
Advisory: SB2015101901 - Security bypass Oracle Java SE
Vulnerable component: Oracle Java SE
CVE-ID: CVE-2015-4902
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H/RL:O/RC:C
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Description:
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to unknown error related to the Java SE Deployment component. A remote attacker can bypass the click-to-play protection in Java.
Successful exploitation of the vulnerability results in security bypass on the vulnerable system.
Note: the vulnerability was being actively exploited.
Known APT campaigns:
NATO breach and the attacks against White House members
The attacks were performed by PawnStorm attackers.
External links:
http://blog.trendmicro.com/trendlabs-security-intelligence/new-headaches-how-the-pawn-storm-zero-day...
https://blog.qualys.com/laws-of-vulnerabilities/2015/10/21/oracle-critical-patch-update-october-2015
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://resources.infosecinstitute.com/the-shadow-of-the-russian-cyber-army-behind-the-2016-president...