Zero-day Vulnerability Database

Change view

Zero-day vulnerabilities discovered: 4

Remote code execution in Oracle Java SE
CVE-2012-4681

Error Handling

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper handling of Rhino Javascript errors. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and bypass sandbox restrictions to download and execute arbitrary code  with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
i

The researchers of FireEye began investigation of the vulnerability after Twitter post made by Joshua J. Drake on August, 26.

Software: Oracle Java SE

The researchers of FireEye began investigation of the vulnerability after Twitter post made by Joshua J. Drake on August, 26.

Remote code execution in Oracle Java SE
CVE-2012-1723

Improper Input Validation

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an error in the HotSpot bytecode verifier. By using untrusted Java Web Start applications and untrusted Java applets in a client deployment, a remote attacker can execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
i

The vulnerability was exploited by BlackHole Exploit Toolkit after official patch.
The vulnerability was made public by Michael тАШmihiтАЩ Schierl.
According to Brian Krebs, the exploit was used in targeted attacks before official patch from Oracle.

Software: Oracle Java SE

Known/fameous malware:

Trojan.Maljava.

The vulnerability was exploited by BlackHole Exploit Toolkit after official patch.
The vulnerability was made public by Michael тАШmihiтАЩ Schierl.
According to Brian Krebs, the exploit was used in targeted attacks before official patch from Oracle.

TNS Listener Poisoning Attack in Oracle Database
CVE-2012-1675

Spoofing attack

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error in the TNS listener service. A remote attacker can register an existing instance or service name, use man-in-the-middle techniques and read, inject or modify transmitted data.

Successful exploitation of this vulnerability may result in unauthorized access to entire database.

Note: the vulnerability was being actively exploited.

i

Joxean Koret discovered this vulnerability in 2008 and publicly disclosed in 2012.

The vulnerability was used in "TNS Listener Poison Attack"

Software: Oracle Database Server

Joxean Koret discovered this vulnerability in 2008 and publicly disclosed in 2012.

The vulnerability was used in "TNS Listener Poison Attack"

Remote code execution in Oracle Java SE
CVE-2012-3213

Error Handling

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper handling of Rhino Javascript errors. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and execute arbitrary code with privileges of the current user via untrusted Java Web Start applications and untrusted Java applets.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
i

The vulnerability was disclosed by James Forsha.
Exploited by Wild Neutron.

Software: Oracle Java SE

Known/fameous malware:

Exploit.Java.CVE-2012-3213.b.

The vulnerability was disclosed by James Forsha.
Exploited by Wild Neutron.