An initial threat vector may be hosted on a website in the form of an Applet. The Applet would contain code to exploit CVE-2012-0507.The intent of the exploit is to surreptitiously download and execute additional malware on the infected system. An indication of this may be the presence unusual traffic to unknown domains.
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 5(update 33),6(Update 30) and 7(update 2) and earlier updates allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
The vulnerability is in the implementation of the AtomicReferenceArray class that allows type safety checks to be circumvented to bypass the Java sandbox will permit Java to download and execute malware. The Applet typically contains code that consumes a URL Name (also a part of the Applet) which hosts the malware.
- Trend Micro - JAVA_EXPLOIT.ES
- Microsoft - Exploit:Java/CVE-2012-0507.CG
- Fortinet - W32/Java.FR!tr
- Ikarus - Trojan.Java.Exploit
Indication of Infection
- The exploit may download arbitrary files.
- This exploit attempts to download and execute additional malware to the infected system.
Methods of Infection
- This threat exploits an unpatched vulnerability in Sun Microsystems Java.
- This Trojan can be installed while browsing compromised websites.