Exploit:Java/CVE-2008-5353.QS

Exploit:Java/CVE-2008-5353.QS is a detection for an obfuscated malicious Java class component that exploits the vulnerability described in CVE-2008-5353.

 

The vulnerability affects Java Virtual Machine (JVM) up to and including version 6 update 10. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside of its "sandbox" environment. 

The vulnerability has been exploited by malware to gain access to a user's computer to download and install malicious programs. The malware installation may occur when a malicious Java applet is executed by a vulnerable JVM. This scenario can occur when a user visits a malicious webpage that hosts such an applet. Note that a number of legitimate websites could be compromised or unwillingly host a malicious applet through advertising frames which could redirect to or host a malicious Java applet.

 

Exploit:Java/CVE-2008-5353.QS is a 2975 byte Java class with a file name "LoaderX.class" and is part of a java package called "DEV.S". The class exploits the CVE-2008-5353 vulnerability and is invoked from "AdgreadY.class" applet. The "AdgreadY.class" applet then executes "DyesyasZ.class" file with elevated privileges. Both files are also found inside the "DEV.S" package.

When the Java component "DyesyasZ.class" runs, it may download and execute malicious programs from a specified website.

The vulnerability exploits a relationship between serializable objects, the programming entities or objects that can remain beyond the lifespan of a parent process that created it, and a non-serializable super class constructor method defined in the derived class.

 

It is not uncommon for antivirus software to detect malicious Java applets in a web browser's cache. It doesn’t necessarily mean that the system is compromised. Most of the time it reflects the fact that at some stage a webpage with a malicious applet had been visited and cached internally. To thwart such a notification, it is often enough to purge the cache using a web browser's configurable security options.