CVE-2012-5067

Oracle Java SE <7.7 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5067.

AI-analyzed exploit summary This Metasploit module exploits CVE-2012-5076 (incorrectly referenced as CVE-2012-5067 in the query) by leveraging JAX-WS classes in a Java Applet to execute arbitrary code outside the sandbox. It serves a malicious JAR file via an HTTP server, targeting Java 7u7 and earlier.

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.

Exploits (1)

exploitdb WORKING POC

rubyremotemultiple

https://www.exploit-db.com/exploits/22657

View Code ZIP pw:eip

This Metasploit module exploits CVE-2012-5076 (incorrectly referenced as CVE-2012-5067 in the query) by leveraging JAX-WS classes in a Java Applet to execute arbitrary code outside the sandbox. It serves a malicious JAR file via an HTTP server, targeting Java 7u7 and earlier.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Oracle Java 7u7 and earlier

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · Java 7u7 or earlier must be installed

MITRE ATT&CK