CVE-2013-2423 Java Vulnerability Exploit ITW

A few days after Oracle released a critical patch, CVE-2013-2423 is found to already been exploited. Upon checking the history, the exploitation seems to have begun on April 21st and is still actively happening until a few hours ago:

url_list (122k image)

For a closer look, the image below contains a comparison of the classes found in the Metasploit module and that of the ITW sample:

Metasploit (95k image)

Interestingly, the Metasploit module was published on the 20th, and as mentioned earlier, the exploit was seen in the wild the day after.

Information about the PoC can be found here.

Files are detected as Exploit:Java/Majava.B.

Sample hashes:

Post by – Karmina and @Timo

On 23/04/13 At 02:36 PM

Read more: CVE-2013-2423 Java Vulnerability Exploit ITW

Story added 23. April 2013, content source with full text you can find at link above.