Java 7 Update 10 0-Day Vulnerability (CVE-2013-0422)

On January 10, 2013, posted by hernan



Today a new Java 0-day vulnerability (CVE-2013-0422) was made public by Kafeine on his blog.

The exploit is already included in several exploit kits, and Kafeine's blog post includes the source code for the exploit, which will undoubtedly cause a massive increase in attack attempts and many different versions of the exploit that your AV or endpoint security solution might not detect.

All versions of Java 7 up to the latest version (Java 7 Update 10) are affected by this vulnerability, and of course there is currently no patch for the issue.

The vulnerability bypasses the security restrictions imposed on Java Applets and allows the execution of arbitrary code. It can apparently be exploited via all browsers (including IE, Firefox and Chrome) with the Java plugin enabled, on all operating systems.

Next is a demo of our version of the exploit; hopefully, it will help you realize this vulnerability poses a very big risk and you should do something about it:



If you are wondering what you can do to protect yourself, we suggest disabling the Java Plugin in your browser until a patch is released.
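To decide where the plugin needs disabling first, the following added example (not code from the original post) flags hosts whose `java -version` output falls in the range stated above, Java 7 up to and including Update 10. The host names and the inventory format are constructed assumptions, and the check reports the installed runtime only, not whether the browser plugin is enabled.

```python
import re

# Range stated in the post: every Java 7 build up to and including Update 10.
AFFECTED_MAJOR = 7
AFFECTED_MAX_UPDATE = 10

# Matches the legacy version scheme printed by `java -version`,
# e.g. 1.7.0_10, 1.7.0_09-b05, or 1.7.0 (initial release, update 0).
_VERSION_RE = re.compile(r'\b1\.(\d+)\.\d+(?:_(\d+))?(?:-[\w.]+)?')


def parse_java_version(text):
    """Return (major, update) from `java -version` output, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def in_affected_range(text):
    """True/False per the post's range; None when the version is unreadable."""
    parsed = parse_java_version(text)
    if parsed is None:
        return None
    major, update = parsed
    return major == AFFECTED_MAJOR and update <= AFFECTED_MAX_UPDATE


def triage(inventory):
    """Map host -> 'affected' | 'outside stated range' | 'unknown'."""
    labels = {True: "affected", False: "outside stated range", None: "unknown"}
    return {host: labels[in_affected_range(out)] for host, out in inventory.items()}


# Constructed sample inventory: host name -> first line of `java -version`.
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_10"',
    "ws-02": 'java version "1.7.0_09-b05"',
    "ws-03": 'java version "1.7.0"',
    "ws-04": 'java version "1.6.0_38"',
    "ws-05": "java: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed clean, since an unreadable version string says nothing about what is installed.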