<iframe src="//www.googletagmanager.com/ns.html?id=GTM-TT8R4P" height="0" width="0" style="display:none;visibility:hidden">

Sonatype Blog

Stay updated on the latest news from the makers of Nexus

New Java Attack Introduced Into Cool Exploit Kit

Threatpost – (International) New Java attack introduced into Cool Exploit Kit. A new exploit was found in the Cool Exploit Kit for a vulnerability in Java 7 Update 7 as well as older versions, a flaw patched by Oracle in Java 7 Update 9. Cool Exploit Kit was discovered in October and is largely responsible for dropping the Reveton ransomware. A new Metasploit module was introduced November 11 by a researcher, according to a frequent Metasploit contributor. He suggested it is likely the exploit has been in the wild for a period of time and has only now been integrated into an exploit kit. The new Java exploit, a sandbox escape, targets vulnerability CVE-2012-5076 that was repaired in Oracle’s October 2012 Critical Patch Update. Attackers can run arbitrary code on compromised machines, the Metasploit contributor said.

Source: http://threatpost.com/en_us/blogs/new-java-attack-introduced-cool-exploit-kit-111212

Topics: News security AppSec Spotlight