Exploit:Java/CVE-2012-1723.A

Exploit:Java/CVE-2012-1723.A allows an attacker to gain access to and run arbitrary files on your computer.

Make sure you install all available updates from Java to avoid this exploit. For more information on updating Java please see the Additional information section in this entry.

Exploit:Java/CVE-2012-1723.A is the detection for malicious JavaScript code that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 7, update 4 (described in CVE-2012-1723).

Installation

Exploit:Java/CVE-2012-1723.A may be loaded when you visit a webpage that hosts the malicious JavaScript code. Note, however, that a number of legitimate websites could be compromised or unwillingly host malicious code through advertising frames which could redirect to or host the malicious code.

Additionally, note that an attacker cannot force you or your browser to visit a malicious website. Instead, an attacker may try to convince you to visit their website, typically by getting you to click a link in an email, an instant messenger request, a Facebook wall post or through other social engineering techniques.

Payload

If you do visit a webpage which hosts Exploit:Java/CVE-2012-1723.A, the exploit attempts to trigger the vulnerability in the JRE.

This vulnerability allows malware download other malware onto your computer, which may allow the attacker access to your computer.

Additional information

Vulnerabilities in the JRE are rectified through the application of patches from the Java website.

Therefore, the best way to protect your computer from all Java vulnerabilities is to ensure that your version of Java is up-to-date. See the Java updates page for links to download the latest version for your operating system.

Analysis by Patrick Estavillo