Exploit:Java/CVE-2012-0507.CG

Exploit:Java/CVE-2012-0507.CG is a variant of the Exploit:Java/CVE-2012-0507 family - a family of malicious Java applets that exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 7, update 2 (described in CVE-2012-0507).

The Java applet, detected as Exploit:Java/CVE-2012-0507.CG, will attempt to trigger the CVE-2012-0507 vulnerability, which allows the Java applet to run with elevated privileges so that it can download and run files from a remote host. 

The files that are downloaded and run could be any of the attacker's choice and could include additional malware.

For an explanation of Java applets, Java classes and elevated privileges, please see the Additional information section in this entry.

Installation

The Java applet may arrive on your computer when you visit a malicious webpage that hosts the applet. Note, however, that a number of legitimate websites could be compromised or unwillingly host a malicious applet through advertising frames which could redirect to or host a malicious Java applet.

In the wild, Exploit:Java/CVE-2012-0507.CG is part of a Java applet which usually contains several Java classes working together that are bundled into a JAR (Java archive) file, for example:

forq.jar

This archive file contains the classes that make up the applet:

• luta.class - a threat-related class
• lutb.class - a class detected as Exploit:Java/CVE-2012-0507.CG
• lutc.class - a class detected as Exploit:Java/CVE-2012-0507.CG
  

Other classes that we have seen in the wild, all detected as Exploit:Java/CVE-2012-0507.CG, include:

• q_a.class
• q_b.class
• q_c.class

Payload

Downloads arbitrary files

When Exploit:Java/CVE-2012-0507.CG is run, it attempts to download and run files from a remote host. The files that are downloaded and run could be any of the attacker's choice and could include additional malware.

Additional information

A Java applet is a stand-alone program that has been written in the Java programming language. Java applets can run on any computer that has the JRE installed, and most are not malicious.

Java classes are the files within an applet that perform the applet's various functions.

Java classes usually have limited access to your computer's processes and resources; however, the CVE-2012-0507 vulnerability in Java allows malicious Java applets to gain a higher level of access than they are otherwise entitled to, known as "elevated privileges".
Malware can exploit this vulnerability by using a Java applet to gain access to your computer to download and install malicious programs.

Vulnerabilities in the JRE are rectified through the application of patches from the Java website.
Therefore, the best way to protect your computer from all Java vulnerabilities is to ensure that your version of Java is up-to-date. See the Java updates page for links to download the latest version for your operating system.

Related encyclopedia entries

Exploit:Java/CVE-2012-0507

Analysis by Patrick Estavillo