IPS signature for Java Web Start 0-day?
Updated: 16 Oct 2010 | 2 comments
Does anyone know if there are plans to release an IPS signature for 0-day Java Web Start, described here:
http://seclists.org/fulldisclosure/2010/Apr/119
It is exploited in the wild, and creating custom IPS policy for it does not work, because SEP can't process backslash (reserved character) in its custom IPS signatures, and payload contains :"-J\\\\";
If anyone from Symantec can check back with development and report back, I would really appreciate it.
Thanks!
Discussion Filed Under:
Comments
Nevermind, Java released a
Nevermind, Java released a fix, new build:
http://java.sun.com/javase/6/webnotes/6u20.html
for reference, we have an AV
for reference, we have an AV signature out now to detect the malicious page: Bloodhound.Exploit.292
in addition, an IPS signature is in the works.
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
Would you like to reply?
Login or Register to post your comment.