cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Level 10
Report Inappropriate Content
Message 1 of 11

UDS for Java-0 Day

Hello everyone!

Do you have an available User Defined Signature for the NSP regarding the new Java-0 day exploit running on the news? (http://www.net-security.org/secworld.php?id=13507).

Regards.

10 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 11

Re: UDS for Java-0 Day

Hi Maximo,

 

We currently have 2 signatures on our sigset that will offer partial coverage for this CVE:

"HTTP: Java Applet Rhino Script Engine Remote Code Execution"
"HTTP: Possible Malicious JAR File Transfer Found"

Partial coverage means that we can only detect some of the exploit samples. Depending on the sample detected we will trigger one of the above signatures.

There will be a new signature added on the next sigset release (to be released today/tomorrow) that will offer full coverage, detecting all known exploit samples.

HTH.

Regards,

David

Highlighted
Level 10
Report Inappropriate Content
Message 3 of 11

Re: UDS for Java-0 Day

Thanks!!!

Highlighted

Re: UDS for Java-0 Day

did the new dat 6820 address the above?

thank you

Highlighted

Re: UDS for Java-0 Day

can someone from Mcafee please verify that this dat version addresses the Java 0 day issue., been waiting 7 hours for a response. thank you

Highlighted
Level 10
Report Inappropriate Content
Message 6 of 11

Re: UDS for Java-0 Day

This is for NSP related issues.

Highlighted

Re: UDS for Java-0 Day

Maybe you or someone could be kind enough to point me to the right forums where i can ask if the latest dat protects agains the Java 0 day for Mcafee VirusScan enterprise.

thank you so kindly

Highlighted
Level 11
Report Inappropriate Content
Message 8 of 11

Re: UDS for Java-0 Day

The virus scan community is available here:  https://community.mcafee.com/community/business/system/vse

I believe the coverage information you are looking for is:

Coverage is provided as Generic PWS.y!1ij in the 6817 DATs, released August 27. Updated coverage is included as Exploit-CVE2012-4681 in the 6819 DATs (August 29).

Highlighted

Re: UDS for Java-0 Day

thank you very much!

Highlighted

Re: UDS for Java-0 Day

can you please tell me where you found this information? l been searching for 2 days and cant find where it relates cve2012-4618 to the dat 6819? is there a way to search by cve to find the dat? or how did you find it?

thank you for all your help

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community