Advisory Details

February 22nd, 2012

Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability

ZDI-12-038
ZDI-CAN-1453

CVE ID
CVSS SCORE 7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)
AFFECTED VENDORS Oracle
AFFECTED PRODUCTS Java Runtime
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 12108. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within JavaFX, a downloadable Java extension. The JavaFX Jar file is signed by Oracle and can be installed without user interaction. Once installed it is possible to invoke the main method of any trusted class with arbitrary arguments and with a trusted call stack. This can be leveraged to remote code execution under the context of the user.

ADDITIONAL DETAILS Oracle has issued an update to correct this vulnerability. More details can be found at:
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
DISCLOSURE TIMELINE
  • 2011-11-21 - Vulnerability reported to vendor
  • 2012-02-22 - Coordinated public release of advisory
CREDIT Chris Ries
BACK TO ADVISORIES