Oracle Java Driver Manager Remote Code Execution Exploit

This module exploits a vulnerability in Oracle Java that involves the java.sql.DriverManager class. The flaw lies in an implicit call to toString() that is made within a doPrivileged block in java.sql.DriverManager. It allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user. This vulnerability was one of the Pwn2Own 2013 challenges.
Exploit type: 
Vulnerability ID: CVE-2013-1488
Product Version: 2013 R1
Release Date: Tuesday, June 11, 2013 - 00:00