[SE-2012-01] New security issues affecting Oracle's Java SE 7u15

From: Security Explorations <contact@security-explorations.com>
To: bugtraq@securityfocus.com,full-disclosure@lists.grok.org.uk
Subject: [SE-2012-01] New security issues affecting Oracle's Java SE 7u15

Hello All,

We had yet another look into Oracle's Java SE 7 software that
was released by the company on Feb 19, 2013. As a result, we
have discovered two new security issues (numbered 54 and 55),
which when combined together can be successfully used to gain
a complete Java security sandbox bypass in the environment of
Java SE 7 Update 15 (1.7.0_15-b03).

Following our Disclosure Policy [1], we provided Oracle with
a brief technical description of the issues found along with
a working Proof of Concept code that illustrates their impact.

Both new issues are specific to Java SE 7 only. They allow to
abuse the Reflection API in a particularly interesting way.

Without going into further details, everything indicates that
a ball is in Oracle's court. Again.

Thank you.

Best Regards
Adam Gowdiak

Security Explorations
"We bring security research to the new level"

[1] Security Explorations - Disclosure Policy

Copyright © 1995-2020 LinuxRocket.net. All rights reserved.