Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: jjotto

I can’t find anywhere that explains what the vulnerability is, or gives sample exploit code.


19 posted on 01/13/2013 7:21:51 AM PST by proxy_user
[ Post Reply | Private Reply | To 17 | View Replies ]

To: proxy_user

mmm...

Geeks who actually understand it tend to have their own sources, but there’s a fair amount of details like

http://blogs.cisco.com/security/new-java-vulnerability-being-exploited-in-the-wild/

...This Java vulnerability is due to improper security protections on built-in classes in the Java Runtime Environment.

An unsigned Java applet can use the setSecurityManager() function to bypass security checks and access an elevated security context.

There are a few allegations that the exploit for this new Java vulnerability (CVE-2013-0422) is very similar to the Java vulnerability reported late last year (CVE-2012-5088); however, it seems they are fairly different.

This article describes some of the technical details of the exploit...


24 posted on 01/13/2013 7:28:58 AM PST by jjotto ("Ya could look it up!")
[ Post Reply | Private Reply | To 19 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson