Home / malware Exploit:Java/CVE-2012-0507.D!ldr
First posted on 16 February 2019.
Source: MicrosoftAliases :
There are no other names known for Exploit:Java/CVE-2012-0507.D!ldr.
Explanation :
Exploit:Java/CVE-2012-0507.D!ldr is a detection for an obfuscated malicious Java class component stored within a Java Archive (.JAR), that uses its elevated privileges to download and execute other malware.
Web browsers that use vulnerable versions of Java may be exposed to this kind of threat.
The vulnerability exploits a flaw in the deserialization of "AtomicReferenceArray" objects, which allows remote attackers to call, without proper "sandboxing", system level Java functions via the ClassLoader of a constructor that is being deserialized. This means it is able to perform actions outside of its "sandbox" that its not usually able to do.
Installation
This component usually arrives together with another Java class applet, detected as Exploit:Java/CVE-2012-0507.D, that triggers the vulnerability discussed in CVE-2012-0507.
In the wild, the malicious Java package may contain the following malicious Java class files:
Lion.class – detected as Exploit:Java/CVE-2012-0507.D ka.class - detected as Exploit:Java/CVE-2012-0507.D!ldr Payload
Downloads arbitrary files
Exploit:Java/CVE-2012-0507.D!ldr is used in drive-by download attacks. In the wild, we have observed Exploit:Java/CVE-2012-0507.D!ldr downloading variants of PWS:Win32/Zbot and Backdoor:Win32/Kelihos.F.
Analysis by Rodel FinonesLast update 16 February 2019