In a recent blog, we talked about the recent Java vulnerability and how it was still kicking around. The flaw has been identified as CVE-2012-0507 in the Common Vulnerabilities and Exposures database. You might be thinking that you are still safe, as you have antivirus. Let’s find out how well it protects you.
As of the time of this writing, the information and patching were rather poor. So, there is no shortage of potential victims. It’s also no leap of faith to assume loads of people rely solely on their antivirus. So, let’s pit a Java exploit against McAfee.
For my experiments, I picked an exploit from Metasploit, a penetration tester’s tool. It lets you deploy a rogue Web site that will push an exploit out to any visiting browser. If successful, Metasploit will get a notification and gain control of the victim. Below we see what it…
View original post 1,039 more words