This module exploits a vulnerability in Oracle Java. The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataBitOffset" boundary checks. This vulnerability allows for remote code execution.
An AccessControlContext attribute in the java.beans.Statement class of Oracle Java can be overwritten by unprivileged applets by using specially crafted Java Beans Expressions and Statements, even when the AccessControlContext attribute is declared as final. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user. This vulnerability has been found exploited in-the-wild on August 26, 2012.
Unsafe type handling performed by the AtomicReferenceArray class of the Oracle Java Runtime Environment can be abused to cause a type confusion error. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.
The sun.plugin2.applet.Applet2ClassLoader class of Oracle Java does not properly validate if the URL of a Java class file matches the "codebase" parameter while loading applets. This vulnerability allows an applet to execute arbitrary code outside the sandbox without restrictions, which can be exploited to install an agent on the target machine.
The default Java security properties configuration does not restrict access to certain objects in the com.sun.jmx.mbeanserver packages. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.
The Import Server component of Oracle WebCenter Capture is affected by a buffer overflow vulnerability. This could allow command execution when a user loads a web page which calls the SetAnnotationFont method of the BlackIceDevMode.ocx ActiveX control with a overly long string argument. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 and 7 in Windows XP SP3) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Oracle AutoVue Electro-Mechanical Professional is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .DWG file. The attacker must entice a victim into opening a specially crafted .DWG file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
A buffer overflow vulnerability found in the AutoVue.ocx ActiveX control due in strcpy function in the SetMarkupMode method, when handling a specially crafted sMarkup argument. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 and 7 without JAVA, and Internet Explorer 8 with JAVA 6 in Windows XP, and Internet Explorer 8 and 9 in Windows VISTA/SEVEN with Java 6 installed) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Subscribe to Windows