Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Sun Java Deployment Toolkit Multiple Vulnerabilities (Windows)

🗓️ 23 Apr 2010 00:00:00Reported by Copyright (c) 2010 SecPodType 
openvas
 openvas🔗 plugins.openvas.org👁 54 Views

Sun Java Deployment Toolkit Multiple Vulnerabilities, Window

Related
Refs
Code
ReporterTitlePublishedViews
Family
Chainguard		CVE-2010-1423 vulnerabilities
15 Apr 201021:30
cgr
Circl		CVE-2010-0886
9 Apr 201000:00
circl
Circl		CVE-2010-1423
9 Apr 201000:00
circl
CISA		Oracle Releases Sun Java SE 1.6.0_20
16 Apr 201000:00
cisa
Check Point Advisories		Oracle Java Web Start Launch Command-Line Injection (CVE-2010-0886; CVE-2010-0887; CVE-2010-1423)
26 May 201000:00
checkpoint_advisories
CVE		CVE-2010-0886
20 Apr 201019:00
cve
CVE		CVE-2010-0887
20 Apr 201019:00
cve
CVE		CVE-2010-1423
15 Apr 201021:12
cve
Cvelist		CVE-2010-0886
20 Apr 201019:00
cvelist
Cvelist		CVE-2010-0887
20 Apr 201019:00
cvelist
Rows per page
###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_sun_java_jdk_mult_vuln_win_apr10.nasl 7699 2017-11-08 12:10:34Z santu $
#
# Sun Java Deployment Toolkit Multiple Vulnerabilities (Windows)
#
# Authors:
# Antu Sanadi <[email protected]>
#
# Copyright:
# Copyright (c) 2010 SecPod http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_solution = "Upgrade to Sun Java version  6 Update 20,
  For updates refer to http://java.sun.com/javase/6/

  Workaround:
  Set the killbit for the CLSID {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}
  http://support.microsoft.com/kb/240797";

tag_impact = "Successful exploitation allows execution of arbitrary code by tricking a user
  into visiting a malicious web page.
  Impact Level: Application";
tag_affected = "Sun Java version 6 Update 19 and prior on Windows.";
tag_insight = "The flaws are due to input validation error in 'JDk' that does not properly
  validate arguments supplied via 'javaw.exe' before being passed to a
  'CreateProcessA' call, which could allow remote attackers to automatially
  download and execute a malicious JAR file hosted on a network.";
tag_summary = "This host is installed with Sun Java Deployment Toolkit and is prone to
  multiple vulnerabilities.";

if(description)
{
  script_id(902167);
  script_version("$Revision: 7699 $");
  script_tag(name:"last_modification", value:"$Date: 2017-11-08 13:10:34 +0100 (Wed, 08 Nov 2017) $");
  script_tag(name:"creation_date", value:"2010-04-23 17:57:39 +0200 (Fri, 23 Apr 2010)");
  script_cve_id("CVE-2010-0886", "CVE-2010-0887", "CVE-2010-1423");
  script_bugtraq_id(39492);
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_name("Sun Java Deployment Toolkit Multiple Vulnerabilities (Windows)");


  script_tag(name:"qod_type", value:"registry");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2010 SecPod");
  script_family("General");
  script_dependencies("gb_java_prdts_detect_win.nasl");
  script_require_keys("Sun/Java/JDK/Win/Ver");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "solution" , value : tag_solution);
  script_xref(name : "URL" , value : "http://www.kb.cert.org/vuls/id/886582");
  script_xref(name : "URL" , value : "http://www.vupen.com/english/advisories/2010/0853");
  script_xref(name : "URL" , value : "http://lists.grok.org.uk/pipermail/full-disclosure/2010-April/074036.html");
  script_xref(name : "URL" , value : "http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1");
  exit(0);
}


include("version_func.inc");
include("secpod_activex.inc");

## Get KB for JDK Version On Windows
jdkVer = get_kb_item("Sun/Java/JDK/Win/Ver");
if(jdkVer)
{
  ## Check for 1.6 < 1.6.0_19 (6 Update 19)
  if(version_in_range(version:jdkVer, test_version:"1.6", test_version2:"1.6.0.19")){
    security_message(0);
  }
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
08 Nov 2017 00:00Current
0.7Low risk
Vulners AI Score0.7
EPSS0.80974
javamultiple vulnerabilitieswindowssundeploymenttoolkitupgradeexploitationarbitrary codeinput validation errorcve-2010-0886cve-2010-0887cve-2010-1423clsidworkaroundnetwork
54