Browse files

Description updated

  • Loading branch information...
1 parent 7e579db commit 30fd2cf25629ba718ed8dd210f676750446c4693 jvazquez-r7 committed Aug 28, 2012
Showing with 7 additions and 4 deletions.
  1. +7 −4 modules/exploits/multi/browser/java_jre17_exec.rb
View
11 modules/exploits/multi/browser/java_jre17_exec.rb
@@ -20,10 +20,13 @@ def initialize( info = {} )
super( update_info( info,
'Name' => 'Java 7 Applet Remote Code Execution',
'Description' => %q{
- This module exploits a vulnerability in Java 7, which allows an attacker to run arbitrary
- Java code outside the sandbox. This flaw is also being exploited in the wild, and there is
- no patch from Oracle at this point. The exploit has been tested to work against: IE, Chrome
- and Firefox across different platforms.
+ This module exploits a vulnerability in Java 7, which allows an attacker to run
+ arbitrary Java code outside the sandbox. The vulnerability seems to be related to
+ the use of the newly introduced ClassFinder#resolveClass in Java 7, which allows
+ the sun.awt.SunToolkit class to be loaded and modified. Please note this flaw is
+ also being exploited in the wild, and there is no patch from Oracle at this point.
+ Our module has been successfully tested on multiple setups, including: IE, Firefox,
+ Chrome on Windows, Linux and OS X, etc.
},
'License' => MSF_LICENSE,
'Author' =>

0 comments on commit 30fd2cf

Please sign in to comment.