This module exploits a vulnerability in Oracle Java involving the java.sql.DriverManager class. The issue lies in an implicit call to toString() that is made within a doPrivileged block. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user. This vulnerability was one of the 2013 Pwn2Own challenges.
An AccessControlContext attribute in the java.beans.Statement class of Oracle Java can be overwritten by unprivileged applets using specially crafted Java Beans Expressions and Statements, even though the AccessControlContext attribute is declared final. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user. This vulnerability was found being exploited in the wild on August 26, 2012.
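As an added illustration of the pattern behind this bug (not code from Core Impact or from Oracle's JDK; the class and method names are hypothetical), here is a trusted-library API that string-concatenates a caller-supplied object inside doPrivileged, beside the hardened form that renders the object on the caller's own stack first. The trusted deputy object is a stand-in: a class the sandbox trusts, whose toString() has a side effect driven by attacker-chosen state.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

/*
 * Hypothetical trusted-library API with the same shape as the bug described
 * above: a privileged block that string-concatenates a caller-supplied
 * object, which is an implicit toString() call. Names are illustrative.
 */
class DriverRegistry {

    // Vulnerable shape: the implicit entry.toString() runs inside run(), so
    // the stack walk guarding any security-sensitive operation it performs
    // stops at this privileged frame and never sees the applet frames below.
    @SuppressWarnings("removal")
    static String register(final Object entry) {
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() {
                return "registerDriver: " + entry;   // implicit entry.toString()
            }
        });
    }

    // Hardened shape: render the untrusted object on the caller's own stack,
    // so whatever toString() does is checked against the applet's domain,
    // and pass only an inert String into the privileged block.
    @SuppressWarnings("removal")
    static String registerSafely(Object entry) {
        final String rendered = String.valueOf(entry);
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() {
                return "registerDriver: " + rendered;
            }
        });
    }
}

/*
 * Stand-in for a JDK class that an applet can instantiate and configure but
 * whose toString() is trusted code with a side effect. The applet's own class
 * with an overridden toString() would not do: its frame would sit on the
 * stack above the privileged marker and fail the permission check. The
 * deputy has to be code the sandbox already trusts, acting on attacker state.
 */
class PropertyHandle {
    private final String key;
    PropertyHandle(String key) { this.key = key; }

    @Override
    public String toString() {
        // Under a SecurityManager this triggers checkPropertyAccess(key),
        // which an applet's domain is denied for all but a few listed keys.
        return key + "=" + System.getProperty(key);
    }
}

public class ImplicitToStringDemo {
    public static void main(String[] args) {
        Object handle = new PropertyHandle("user.home");
        // With a SecurityManager and an applet-style policy, the first call
        // succeeds (the property read happens above the privileged frame) and
        // the second throws SecurityException (the read happens on the
        // caller's stack). Without one, both simply print the property.
        System.out.println(DriverRegistry.register(handle));
        System.out.println(DriverRegistry.registerSafely(handle));
    }
}
```

Compile and run with `javac ImplicitToStringDemo.java && java ImplicitToStringDemo`. The behavioural difference is only observable under a SecurityManager with a restrictive policy, and SecurityManager is deprecated for removal in recent JDKs; the point of the example is the shape to look for in review: any expression inside a doPrivileged block that implicitly invokes a method on data the caller controls.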
Unsafe type handling performed by the AtomicReferenceArray class of the Oracle Java Runtime Environment can be abused to cause a type confusion error. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.
This module exploits an XSS vulnerability in Openfire, which leads to remote command injection by impersonating the administrator and uploading a plugin. This module runs a web server waiting for vulnerable clients (any browser) to connect to it. When a client connects, the module uses the client's cookie and tries to install an agent by installing a plugin in Openfire.
This module exploits a buffer overflow in Mozilla Firefox when parsing a malformed UTF-8 encoded URL. This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a memory corruption vulnerability in Mozilla Firefox. In certain cases, after a return from a native function such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state. This module runs a web server waiting for vulnerable clients (Mozilla Firefox) to connect to it. When a client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits an XSS vulnerability in JOnAS which allows Core Impact to perform remote command injection by impersonating an administrator and uploading a plugin to the JOnAS server. This module runs a web server waiting for a JOnAS administrator to connect to it. When the client connects, it will retrieve the JOnAS administrator's cookie and try to install an agent on the JOnAS server by installing a custom plugin in JOnAS.