Java SE AtomicReferenceArray Unsafe Security Bypass

Added: 03/30/2012
CVE: CVE-2012-0507
BID: 52161
OSVDB: 80724

Background

Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets.
Java Standard Edition (Java SE) includes the Java Virtual Machine, along with a standard set of libraries used by many applications.

Problem

In affected versions of Java SE, the AtomicReferenceArray class uses an Unsafe class to store a reference. Attackers may leverage this weakness to escape the JRE sandbox. If successful, the attackers may then load java code of their choice, which could result in execution of arbitrary code on the target server.

Resolution

Apply the Oracle Java SE Critical Patch Update February 2012, upgrade Java SE to a version later than 7 Update 2, 6 Update 30, 5.0 Update 33, 1.4.2_35, or JavaFX 2.0.2.

References

http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx
http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3

Limitations

This exploit has been tested against Oracle JRE 7 Update 2 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Platforms

Windows

Back to exploit index