Oracle Java Zero-days Found in 2013 (Apr 26, 2013)

Java is a set of several computer software products and specifications from Sun Microsystems (which has since merged with Oracle Corporation), that together provide a system for developing application software and deploying it in a cross-platform computing environment. Java is used in a wide variety of computing platforms from embedded devices and mobile phones on the low end, to enterprise servers and supercomputers on the high end.

In 2013, multiple vulnerabilities have been found in Oracle Java products, and some of them have been used in zero-day attacks. The zero-days found to date in 2013 are listed below:

  • CVE-2013-0422 on Jan 10th, 2013
    This vulnerability covers both the JMX/MBean and Reflection API issues. It has already been integrated into the existing Blackhole Exploit Kit and Nuclear Pack.

  • CVE-2013-1493 on Feb 28th, 2013
    Exploiting this vulnerability triggers an out-of-bounds read or memory corruption.

  • CVE-2013-2423 on April 23rd, 2013
    This vulnerability causes a Java security sandbox bypass.

Oracle has been working on fixes for these security issues and has released multiple updates, from Java 1.7 Update 9, 10 to Java 1.7 Update 21, to resolve these vulnerabilities.

The Dell SonicWALL threat team has researched all of these vulnerabilities and released signatures and an advisory addressing the issues:

  • CVE-2013-0422
    GAV: 34662 Exploit.CVE-2013-0422 (Exploit)
    GAV: 34661 Blacole.gen_26 (Exploit)
    GAV: CoolEK.Java.1 (Exploit)

We have also released an advisory for the CVE-2013-0422 zero-day attack: New Java 0-day drive-by exploit (Jan 10, 2013).

  • CVE-2013-1493
    GAV: 35877 McRat.B (Trojan)
    GAV: CVE-2013-1493 (Exploit)
    GAV: CVE-2013-1493_2 (Exploit)
    GAV: CVE-2013-1493_3 (Exploit)

  • CVE-2013-2423
    IPS: 9835 “Oracle JRE HotSpot Remote Code Execution 3”
    GAV: 16134 CVE-2013-2423 (Exploit)

Updated on May 23rd by adding coverage of CVE-2013-1493.
