Resources Blog New Java Attack Introduced Into Cool Exploit Kit

New Java Attack Introduced Into Cool Exploit Kit

Threatpost – (International) New Java attack introduced into Cool Exploit Kit. A new exploit was found in the Cool Exploit Kit for a vulnerability in Java 7 Update 7 as well as older versions, a flaw patched by Oracle in Java 7 Update 9. Cool Exploit Kit was discovered in October and is largely responsible for dropping the Reveton ransomware. A new Metasploit module was introduced November 11 by a researcher, according to a frequent Metasploit contributor. He suggested it is likely the exploit has been in the wild for a period of time and has only now been integrated into an exploit kit. The new Java exploit, a sandbox escape, targets vulnerability CVE-2012-5076 that was repaired in Oracle’s October 2012 Critical Patch Update. Attackers can run arbitrary code on compromised machines, the Metasploit contributor said.


Picture of Ali Loney

Written by Ali Loney

Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.