0 Replies Latest reply on Jan 5, 2010 2:38 PM by JimWalter

    Report of Java Object Serialization exploit in use in web drive-by attacks (CVE-2008-5353)



      Some sources are reporting new exploitation of CVE-2008-5353 in-the-wild.  PoC code has been available for some time, but this would be a first for in-the-wild exploitation.


      McAfee Labs is currently investigating.  Updates will be provided via MTIS.


      This new exploit code is detected by the McAfee GW Edition as Java.Agent.S


      Detail - http://isc.sans.org/diary.html?storyid=7879