Zero-day vulnerabilities discovered: 3
Array indexing error
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The exploit was released by security research group Packet Storm Security.
Software: Oracle Java SE
Known/famous malware:
Styx exploit kit, previously known as Kein
Fiesta EK
Links:
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=26978
https://www.zscaler.com/blogs/research/exploring-java-vulnerability-cve-2013-2465-used-fiesta-ek
http://infosecdailydigest.com/2013/08/24/metasploit-module-demo-for-cve-2013-2465-java-storeimagearr...
https://sgros-students.blogspot.com/2014/01/java-cve-2013-2465-vulnerability-and.html
http://www.pcworld.com/article/2046821/cybercriminals-add-new-exploit-for-recently-patched-java-vuln...
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability allows a remote user to execute arbitrary code on the target system via MC Rat (Trojan). The vulnerability was found with the help of Malware Protection Cloud (MPC).
The vulnerability turned out to have been exploited in the Sun Shop campaign and to be related to the breach at security firm Bit9.
Software: Oracle Java SE
Known/famous malware:
Trojan.Naid, Trojan.Dropper (Symantec).
Links:
https://www.fireeye.com/blog/threat-research/2013/02/yaj0-yet-another-java-zero-day-2.html
https://twitter.com/jduck/status/307629902574800897
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html
http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1915099.xml
https://blogs.oracle.com/security/entry/security_alert_cve_2013_1493
https://www.symantec.com/connect/blogs/latest-java-zero-day-shares-connections-bit9-security-inciden...
https://krebsonsecurity.com/2013/03/new-java-0-day-attack-echoes-bit9-breach/
Arbitrary code execution
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The CVE-2013-0422 exploit has also been identified as distributing GameHack and Banki malicious code. The vulnerability was used by the Blackhole, Cool Exploit, and Nuclear exploit kits.
Software: Oracle Java SE
Known/famous malware:
TROJ_REVETON.RJ
TROJ_REVETON.RG.
Links:
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
http://www.kb.cert.org/vuls/id/625617
http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
https://www.ibm.com/blogs/psirt/oracle-java-7-security-manager-bypass-vulnerability-cve-2013-0422/
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-verbose-1896885.html
http://www.ampliasecurity.com/blog/2013/01/10/java_7_update_10_0-day_vulnerability_CVE-2013-0422/
http://www.zdnet.com/article/targeted-attack-against-uae-activist-utilizes-cve-2013-0422-drops-malwa...
http://www.welivesecurity.com/2013/01/11/java-0-day-exploit-cve-2013-0422/
http://www.cparequirements.com/2013/05/apple-facebook-and-microsoft-all-victims-of-java-cve-2013-042...
http://global.ahnlab.com/global/upload/download/documents/1401223631614158.pdf