Oracle Java Zero-days Found in 2013

May 23, 2013

Java is a set of several computer software products and specifications from Sun Microsystems (which has since merged with Oracle Corporation) that together provide a system for developing application software and deploying it in a cross-platform computing environment. Java is used on a wide variety of computing platforms, from embedded devices and mobile phones on the low end to enterprise servers and supercomputers on the high end.

In 2013, multiple vulnerabilities have been found in Oracle Java products, and some of them have been used in zero-day attacks. The zero-days found to date in 2013 are listed below:

  • CVE-2013-0422 on Jan 10th, 2013
  • This vulnerability covers both the JMX/MBean and Reflection API issues. It has already been integrated into the existing Blackhole Exploit Kit and Nuclear Pack.

  • CVE-2013-1493 on Feb 28th, 2013
  • Exploiting this vulnerability triggers an out-of-bounds read or memory corruption.

  • CVE-2013-2423 on April 23rd, 2013
  • This vulnerability allows a bypass of the Java security sandbox.

Oracle has been working on fixes for these security issues and has released multiple updates, from Java 1.7 Update 9, 10 to Java 1.7 Update 21, to resolve these security vulnerabilities.
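To act on the update guidance above, collected `java -version` output can be checked against Java 1.7 Update 21, the latest update this advisory names. This is an added example, not SonicWALL or Oracle code; the status labels, hostnames and sample outputs are constructed, and a result of "ok" only means the host meets that named update.

```python
import re

# Baseline taken from the advisory text: Java 1.7 Update 21 is the latest
# update it names as resolving the listed vulnerabilities.
BASELINE_UPDATE = 21

# Matches the version token printed by `java -version`, e.g.
#   java version "1.7.0_09"
VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?[^"]*"')


def assess(version_output):
    """Classify one host's `java -version` output against the baseline."""
    m = VERSION_RE.search(version_output)
    if not m:
        return "unparsed"  # Java missing, or output in an unexpected format
    major = int(m.group(1))
    update = int(m.group(2) or 0)  # "1.7.0" with no suffix is update 0
    if major != 7:
        return "not-assessed"  # the advisory only names Java 1.7 updates
    return "ok" if update >= BASELINE_UPDATE else "below-baseline"


def audit(inventory):
    """Map hostname -> status for an inventory of collected outputs."""
    return {host: assess(out) for host, out in inventory.items()}


# Constructed sample inventory (hostnames and outputs are made up).
SAMPLE = {
    "ws-01": 'java version "1.7.0_09"\n'
             "Java(TM) SE Runtime Environment (build 1.7.0_09-b05)",
    "ws-02": 'java version "1.7.0_21"\n'
             "Java(TM) SE Runtime Environment (build 1.7.0_21-b11)",
    "ws-03": 'java version "1.7.0"',
    "ws-04": 'java version "1.6.0_45"',
    "ws-05": "bash: java: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(host, status)
```

Hosts reported as "not-assessed" or "unparsed" need a manual look, since this advisory gives no baseline for them.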

The Dell SonicWALL threat team has researched all of these vulnerabilities and released signatures and an advisory addressing the issues:

  • CVE-2013-0422
  • GAV: 34662 Exploit.CVE-2013-0422 (Exploit)
    GAV: 34661 Blacole.gen_26 (Exploit)
    GAV: CoolEK.Java.1 (Exploit)

We have also released an advisory for the CVE-2013-0422 zero-day attack: New Java 0-day drive-by exploit (Jan 10, 2013).

  • CVE-2013-1493
  • GAV: 35877 McRat.B (Trojan)
    GAV: CVE-2013-1493 (Exploit)
    GAV: CVE-2013-1493_2 (Exploit)
    GAV: CVE-2013-1493_3 (Exploit)

  • CVE-2013-2423
  • IPS: 9835 "Oracle JRE HotSpot Remote Code Execution 3"
    GAV: 16134 CVE-2013-2423 (Exploit)

Updated on May 23rd by adding coverage of CVE-2013-1493.