
Exploit:Java/CVE-2011-3544.gen!C


First posted on 04 April 2020.
Source: Microsoft

Aliases:

Exploit:Java/CVE-2011-3544.gen!C is also known as EXP/CVE-2011-3544, Exploit.CVE2011-3544.2, Exploit.Java.CVE-2011-3544.k, JV/MailSend, Mal/20113544-A, Trojan.Maljava.

Explanation:

Exploit:Java/CVE-2011-3544.gen!C is a generic detection for a malicious Java applet stored within a Java Archive (.JAR) that attempts to exploit a vulnerability in a Java Runtime Environment (JRE) component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier. The vulnerability, discussed in CVE-2011-3544, allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to run arbitrary Java code outside of the "sandbox" environment.

Installation

Exploit:Java/CVE-2011-3544.gen!C is distributed within a Java Archive (JAR) file as a malicious Java applet exploit that takes advantage of the way Java handles Rhino JavaScript errors. Using the "toString()" method, a remote attacker may craft an error object in JavaScript which can call 'protected mode', enabling the malicious payload to run in a privileged context.

The malicious JAR file is usually packaged with at least two Java applets: "morale.class" and a randomly named class, such as "m.class", "n.class", or "k.class".
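
As an added example (not Microsoft's detection logic and not code from this page), the following Python script triages a JAR by its entry names only, flagging the packaging described above. Treating "randomly named" as a one-letter class name is an assumption drawn from the page's examples, and the sample archives are constructed.

```python
import io
import re
import zipfile

NAMED_CLASS = "morale.class"  # class name given on the page
# Assumption: the "randomly named class" is modelled as a one-letter
# .class file, as in the page's examples (m.class, n.class, k.class).
SHORT_CLASS = re.compile(r"^[A-Za-z]\.class$")


def triage_jar(data: bytes) -> dict:
    """Report whether a JAR's entry list matches the described packaging."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as jar:
            names = [n for n in jar.namelist() if not n.endswith("/")]
    except zipfile.BadZipFile:
        # Truncated or non-ZIP input: nothing to inspect.
        return {"valid": False, "named": False, "short": [], "match": False}
    # Compare on base names so classes inside package directories are seen.
    base = [n.rsplit("/", 1)[-1] for n in names]
    named = NAMED_CLASS in base
    short = sorted(b for b in base if SHORT_CLASS.match(b))
    return {"valid": True, "named": named, "short": short,
            "match": named and bool(short)}


def build_sample(entries):
    """Build an in-memory JAR with placeholder contents (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name in entries:
            jar.writestr(name, b"placeholder, not real bytecode")
    return buf.getvalue()


# Constructed samples: entry names only, no real class files.
SUSPECT = build_sample(["META-INF/MANIFEST.MF", "morale.class", "n.class"])
BENIGN = build_sample(["META-INF/MANIFEST.MF", "com/example/App.class"])

if __name__ == "__main__":
    for label, blob in (("suspect", SUSPECT), ("benign", BENIGN),
                        ("junk", b"not a zip")):
        print(label, triage_jar(blob))
```

A name match is only a reason to escalate the archive for proper scanning; class names are trivially changed, so the absence of a match says nothing about a file.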

Payload

Downloads arbitrary files

Exploit:Java/CVE-2011-3544.gen!C is used in drive-by download attacks. Any web browser with a vulnerable Java version may be exposed to malicious code intentionally designed to download and install arbitrary files, often malware. This exploit may attempt to download a file from a URL that is specified within the exploit code, or from the web page that loads the exploit.

Analysis by Rex Plantado

Last update 04 April 2020

 
