CVE-2012-5088
published 2012-10-16


Priority: P1, 80, critical
CVSS 2.0: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 78.70% (99.5th percentile)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

Affected

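4 ranges

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| oracle | jdk     | <= 1.7.0      |          |
| oracle | jdk     |               |          |
| oracle | jre     | <= 1.7.0      |          |
| oracle | jre     |               |          |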

Detection & IOCs (extracted from sources)

path: data/exploits/cve-2012-5088/Exploit.class
path: data/exploits/cve-2012-5088/B.class
filename: Exploit.class
filename: B.class
other: Content-Type: application/octet-stream (JAR delivery)
  • Inspect Java applet JAR files served over HTTP for the presence of both 'Exploit.class' (or a randomized alpha-name of the same length) and 'B.class' within the same archive, which is the exploit's class structure.
  • Alert on Java applets using MethodHandle (java.lang.invoke.MethodHandle) to perform access control bypass; the root cause is insufficient access control checks in the MethodHandle implementation.
  • Flag Java 7 Update 7 and earlier (7u7) as vulnerable; exploitation targets this specific version range.
  • HTML delivery page contains an applet tag loading a JAR; monitor for browser-initiated JAR downloads preceded by an HTML page with applet tags as a drive-by delivery indicator.
  • The Metasploit module randomizes the exploit class name (same length as 'Exploit') and obfuscates the 'metasploit'/'Payload' strings inside the JAR, so static string matching on class names is evaded.
  • The JAR entries also have the 'metasploit' and 'Payload' strings replaced with random alpha strings, defeating simple signature matching on those known Metasploit strings.
  • Java 1.6.x (OpenJDK and Sun JDK) is NOT affected; only Java 7 (7u7 and earlier) is vulnerable, so detections should be scoped accordingly.
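
The archive-level checks from the notes above, combined into one triage function, as an added example (not code from this page or from the Metasploit module). `triage_jar`, `make_jar`, the size cap and the sample archives are constructed for illustration; the pair check keys on name length so it still fires when the class name is randomized.

```python
import io
import re
import zipfile

# Internal (slash-separated) type name as it appears in a class file constant pool.
METHODHANDLE = b"java/lang/invoke/MethodHandle"
# 'Exploit.class' or a randomized alphabetic name of the same length (7 letters).
MAIN_CLASS = re.compile(r"[A-Za-z]{7}\.class")
MAX_CLASS_BYTES = 1 << 20  # assumption: skip oversized entries to bound memory use

def triage_jar(jar_bytes):
    """Heuristic triage of one JAR; a hit means 'look closer', not 'malicious'."""
    result = {"class_pair": False, "methodhandle": False, "suspicious": False}
    try:
        archive = zipfile.ZipFile(io.BytesIO(jar_bytes))
    except zipfile.BadZipFile:
        return result
    with archive:
        classes_by_dir = {}
        for info in archive.infolist():
            if info.is_dir() or not info.filename.endswith(".class"):
                continue
            directory, _, base = info.filename.rpartition("/")
            classes_by_dir.setdefault(directory, set()).add(base)
            # Broad match: any class that references the type directly will hit.
            if info.file_size <= MAX_CLASS_BYTES and METHODHANDLE in archive.read(info):
                result["methodhandle"] = True
        # B.class next to a 7-letter alphabetic class in the same archive directory.
        result["class_pair"] = any(
            "B.class" in names and any(MAIN_CLASS.fullmatch(n) for n in names)
            for names in classes_by_dir.values()
        )
    result["suspicious"] = result["class_pair"] and result["methodhandle"]
    return result

def make_jar(entries):
    """Build an in-memory archive from {name: bytes} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, data in entries.items():
            archive.writestr(name, data)
    return buf.getvalue()

# Constructed samples: placeholder bytes, not real class files.
MAGIC = b"\xca\xfe\xba\xbe"
RENAMED = make_jar({"QwErTyU.class": MAGIC + METHODHANDLE, "B.class": MAGIC})
PAIR_ONLY = make_jar({"Toolbar.class": MAGIC, "B.class": MAGIC})
NO_PAIR = make_jar({"com/example/Clock.class": MAGIC + METHODHANDLE})
```

Either signal alone is common in benign code, which is why `suspicious` requires both; scope the check to hosts running Java 7u7 or earlier, as noted above.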

CVSS provenance

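| Source        | Version | Score | Severity | Vector                     |
|---------------|---------|-------|----------|----------------------------|
| nvd           | v2.0    | 10.0  | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat |         | 10.0  | CRITICAL |                            |
| vendor_ubuntu |         | 10.0  | CRITICAL |                            |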