Threatpost – (International) New Java attack introduced into Cool Exploit Kit. A new exploit was found in the Cool Exploit Kit for a vulnerability in Java 7 Update 7 as well as older versions, a flaw patched by Oracle in Java 7 Update 9. Cool Exploit Kit was discovered in October and is largely responsible for dropping the Reveton ransomware. A researcher introduced a new Metasploit module November 11 by a new Metasploit module, according to a frequent Metasploit contributor. He suggested it is likely the exploit has been in the wild for a period and has only now been integrated into an exploit kit. The new Java exploit, a sandbox escape, targets vulnerability CVE-2012-5076 repaired in Oracle's October 2012 Critical Patch Update. Attackers can run arbitrary code on compromised machines, the Metasploit contributor said.
Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.
Explore All Posts by Ali LoneyTags
Try Nexus Repository Free Today
Sonatype Nexus Repository is the world’s most trusted artifact repository manager. Experience the difference and download Community Edition for free.