We currently have 2 signatures on our sigset that will offer partial coverage for this CVE:
"HTTP: Java Applet Rhino Script Engine Remote Code Execution"
"HTTP: Possible Malicious JAR File Transfer Found"
Partial coverage means that we can only detect some of the exploit samples. Depending on the sample detected we will trigger one of the above signatures.
There will be a new signature added on the next sigset release (to be released today/tomorrow) that will offer full coverage, detecting all known exploit samples.
Maybe you or someone could be kind enough to point me to the right forums where i can ask if the latest dat protects agains the Java 0 day for Mcafee VirusScan enterprise.
thank you so kindly
The virus scan community is available here: https://community.mcafee.com/community/business/system/vse
I believe the coverage information you are looking for is:
Coverage is provided as Generic PWS.y!1ij in the 6817 DATs, released August 27. Updated coverage is included as Exploit-CVE2012-4681 in the 6819 DATs (August 29).
can you please tell me where you found this information? l been searching for 2 days and cant find where it relates cve2012-4618 to the dat 6819? is there a way to search by cve to find the dat? or how did you find it?
thank you for all your help