Zscaler Security Advisories

Security Advisory - January 10, 2013

Zscaler Protects Against 0-Day Vulnerability in Java 7 Incorporated into Multiple Exploit Kits

Zscaler has proactively deployed protections for a new 0-day vulnerability (CVE-2013-0422) affecting all versions of Java 7, including the latest version, Java 7 Update 10. There is presently no patch available for this vulnerability, and it has already been incorporated into numerous exploit kits. Exploit code is also freely available in the wild and a Metasploit module has been produced. As such, exploitation of this issue is widespread. The Zscaler cloud will detect and block websites leveraging this new vulnerability. Zscaler will continue to monitor exploits associated with this issue and deliver additional protections as needed.

Vulnerability Note VU#625617

Affected Software

  • Oracle Java Runtime Environment (JRE) 1.7

CVE-2013-0422 - Java 7 fails to restrict access to privileged code

Description: Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.