...
Using the clone() method to copy untrusted arguments affords attackers the opportunity to execute arbitrary code.
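The following example is added here for illustration and is not code from the original page. It shows why `clone()` does not yield a trustworthy defensive copy of a non-final parameter type such as `java.util.Date`, next to a copy built with a trusted constructor. The class `ShiftingDate`, the constant `CUTOFF`, and both `accept...` methods are hypothetical names constructed for this demonstration.

```java
import java.util.Date;

public class CloneCopyDemo {
    // Constructed stand-in for a class supplied by an untrusted caller.
    // Date is not final, so a subclass can override clone() and any
    // accessor that the validation logic relies on.
    static class ShiftingDate extends Date {
        private int reads = 0;
        ShiftingDate(long t) { super(t); }
        @Override public Object clone() { return this; } // no copy is made
        @Override public long getTime() {
            // The first read (the check) sees the real value; later reads differ.
            return reads++ == 0 ? super.getTime() : 0L;
        }
    }

    static final long CUTOFF = 1_000_000L; // hypothetical validation threshold

    // Weak: clone() dispatches to the argument's own class, so the "copy"
    // is still an instance of the caller-controlled subclass.
    static long acceptWithClone(Date d) {
        Date copy = (Date) d.clone();
        if (copy.getTime() < CUTOFF) throw new IllegalArgumentException("too early");
        return copy.getTime(); // use after check: value may no longer match
    }

    // Hardened: the copy is constructed as an exact java.util.Date, so the
    // checked value and the used value come from trusted code.
    static long acceptWithConstructor(Date d) {
        Date copy = new Date(d.getTime());
        if (copy.getTime() < CUTOFF) throw new IllegalArgumentException("too early");
        return copy.getTime();
    }

    public static void main(String[] args) {
        System.out.println(acceptWithClone(new ShiftingDate(2_000_000L)));
        System.out.println(acceptWithConstructor(new ShiftingDate(2_000_000L)));
    }
}
```

In `acceptWithClone` the value returned is not the value that passed the check, because both reads go through the overridden `getTime()`; in `acceptWithConstructor` the untrusted object is read once and everything afterwards operates on a genuine `Date`.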
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Parasoft Jtest | | CERT.MET52.CIFC | Only "clone()" instances of "final" classes |
Bibliography
1 "Exploiting Java Vulnerability CVE-2012-0507 Using Metasploit" is shared by user BreakTheSec on Slideshare.net (July 14, 2012). www.slideshare.net/BreakTheSec/exploiting-java-vulnerability.
...