
Exploit:Java/CVE-2013-2423


First posted on 22 September 2019.
Source: Microsoft

Aliases :

There are no other names known for Exploit:Java/CVE-2013-2423.

Explanation :

Threat in context

Java is a general-purpose programming language, but cases of this exploit are targeted against the Java plug-in for web browsers. The intent of the Java plug-in is that Java programs (or "applets") can be offered by websites, and run in a "sandbox" where the plug-in enforces rules on what the applet can do so that it cannot escape the restricted environment.

What is an exploit?

Exploits are written to take advantage of weaknesses (or vulnerabilities) in legitimate software. A project called Common Vulnerabilities and Exposures (CVE) gives each vulnerability a unique number, in this case "CVE-2013-2423". The portion "2013" refers to the year the vulnerability was discovered, and "2423" is a unique ID for this specific vulnerability. You can find more information on the CVE website.

Payload

Downloads and installs files

If you visit a website containing the malicious code while using a vulnerable version of Java, Exploit:Java/CVE-2013-2423 is loaded. It then tries to download and run files from a remote host/URL. The files that are downloaded and run could include other malware.

Additional technical details

This exploit works by triggering a condition called "type confusion" in the Java component "MethodHandles", where the Java interpreter will write 8 bytes into a 4-byte variable, overflowing the data into adjacent memory (somewhat like a buffer overflow) and overriding a security check.

Attacking the security model means that the exploit might be effective on any platform the Java interpreter is on; for example Windows, MacOS, Linux, etc.

Usually the Java exploits are written using a few classes working together. The various class files are bundled into an archive called a JAR, which uses the ZIP file format. Every JAR contains a Manifest.MF file to identify itself to the Java Runtime. Since it is found in every JAR, it won't be listed.
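Because a JAR is an ordinary ZIP archive, a suspect file can be inventoried without running any of it. The Python sketch below is an added example, not part of the original write-up: it hashes the archive, lists its entries apart from the manifest, separates entries that are not in class-file format, and flags classes whose constant pool names `java/lang/invoke/MethodHandles`. The function names, the size cap and the sample archive are constructed for illustration, and a MethodHandles reference is only a lead for review, since legitimate code uses that API too.

```python
import hashlib
import io
import zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"           # first four bytes of every Java class file
MARKER = b"java/lang/invoke/MethodHandles"  # internal name of the component named above
MAX_ENTRY = 5 * 1024 * 1024                 # assumed cap so a zip bomb is not unpacked


def triage_jar(data: bytes) -> dict:
    """Inventory a JAR held in memory; nothing in it is loaded or run."""
    report = {"sha1": hashlib.sha1(data).hexdigest(), "classes": [],
              "not_class_format": [], "references_methodhandles": [],
              "skipped_oversize": []}
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for info in jar.infolist():
            name = info.filename
            if info.is_dir() or name.upper() == "META-INF/MANIFEST.MF":
                continue  # present in every JAR, so not worth listing
            if info.file_size > MAX_ENTRY:
                report["skipped_oversize"].append(name)
                continue
            body = jar.read(info)
            if body[:4] != CLASS_MAGIC:
                # for example an executable shipped inside the archive
                report["not_class_format"].append(name)
                continue
            report["classes"].append(name)
            # ASCII names sit in the constant pool as plain bytes
            if MARKER in body:
                report["references_methodhandles"].append(name)
    return report


def build_sample_jar() -> bytes:
    """Constructed sample: harmless stub bytes, not real class files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("Plain.class", CLASS_MAGIC + b"\x00\x00\x00\x32stub")
        jar.writestr("Uses.class", CLASS_MAGIC + b"\x00\x00\x00\x33" + MARKER)
        jar.writestr("extra.bin", b"MZ-constructed-placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in triage_jar(build_sample_jar()).items():
        print(f"{key}: {value}")
```

The SHA-1 in the report can be compared with published hashes for known malicious JARs, and anything listed under `not_class_format` deserves a closer look because the exploit may run an executable bundled in the archive.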

Below are some examples of the JAR files that exploit the vulnerability described in CVE-2013-2423:

Once the exploit obtains full privileges on your PC, it may:

- Run an executable file (that might be malware) included in the JAR
- Run an executable file (that might be malware) from a hard-coded URL in the exploit's file
- Take instructions from the HTML file (like a URL to the malware executable) that loaded them

Related information / Related references

You can read more about this exploit in the following articles:

- Java is So Confusing...
- Vulnerability Summary for CVE-2013-2423

Analysis by Chris Stubbs

Last update 22 September 2019

 
