Java Runtime Environment DriverManager doPrivileged block sandbox bypass

Added: 05/24/2013
CVE: CVE-2013-1488
BID: 58504
OSVDB: 91472

Background

Oracle Java is a development platform for developing and deploying Java applications. It includes the Java Development Kit (JDK) and the Java Runtime Environment (JRE). The JRE provides the minimum requirements for executing a Java application (e.g., an applet) and consists of the Java Virtual Machine (JVM), core classes and supporting files.

Problem

A vulnerability in the java.sql.DriverManager class allows arbitrary command execution outside the security sandbox due to an implicit call to the toString() function that is made within a doPrivileged block.

Resolution

Upgrade to the current version of Java SE.

References

http://www.zerodayinitiative.com/advisories/ZDI-13-076/
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

Limitations

Exploit works on JRE 7 Update 17 on Windows XP SP3 (DEP OptIn), Windows 7 SP1 (DEP OptIn), and Ubuntu 12.10, and requires the user to open the exploit page in Internet Explorer on Windows or Firefox on Linux.
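A defender-side check built on the build named above, as an added example that is not part of the original advisory: it parses `java -version` banner text and flags Java 7 at or below Update 17. Treating earlier Java 7 updates as exposed is an assumption (the page names only Update 17); the function names, status strings and sample banners are constructed for illustration.

```python
import re

# Build the page's Limitations section names as exploitable: JRE 7 Update 17.
TESTED_MAJOR, TESTED_UPDATE = 7, 17

# Legacy banners read  java version "1.7.0_17" ; newer ones  openjdk version "17.0.2"
_BANNER = re.compile(r'version "(?:1\.(\d+)\.\d+(?:_(\d+))?|(\d+))')


def parse_java_version(banner):
    """Return (major, update) parsed from `java -version` text, or None."""
    m = _BANNER.search(banner)
    if m is None:
        return None
    if m.group(1) is not None:              # legacy 1.<major>.0_<update>
        return int(m.group(1)), int(m.group(2) or 0)
    return int(m.group(3)), 0               # update is irrelevant above Java 7


def assess(banner):
    """Classify one banner against the build named in this advisory."""
    version = parse_java_version(banner)
    if version is None:
        return "unparsed"
    major, update = version
    if major < TESTED_MAJOR:
        return "not-covered"                # the page makes no claim about these
    # Assumption: Java 7 updates older than the tested one are flagged as well.
    if major == TESTED_MAJOR and update <= TESTED_UPDATE:
        return "at-or-below-tested-build"
    return "newer-than-tested-build"        # still follow the Resolution section


# Constructed sample banners (first line of `java -version` output).
SAMPLES = [
    'java version "1.7.0_17"',
    'java version "1.7.0_09"',
    'java version "1.7.0_80"',
    'java version "1.6.0_45"',
    'openjdk version "17.0.2" 2022-01-18',
    'java: command not found',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{assess(line):26} {line}")
```

On a live host, pass in the first line of `java -version`, which the JVM writes to stderr.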

Platforms

Windows
Linux
