Report of Java Object Serialization exploit in use in web drive-by attacks
Last Updated: 2010-01-05 21:46:24 UTC
by Toby Kohlenberg (Version: 1)
We've had a report (thanks Tom!) of a Java applet exploiting CVE-2008-5353 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353) as part of a web drive-by attack. While a PoC has been around for a long time for this, this is the first time I've heard of it being used in the wild for a general attack. If anyone else has seen this, we'd be interested to hear about it.
The applet is already being detected by some A/V packages according to VirusTotal: https://www.virustotal.com/
As we get more details on what it does, we'll update this entry with them.
UPDATE: Minnie Mouse was kind enough to write and let us know that exploits for this vuln apparently are available and included in the LuckySploit, Liberty and Fragus kits. In at least one case the exploit was a recent addition.
Jan 6th 2010