Lucene search

K
saintSAINT CorporationSAINT:1034163FFD3372865F62BA87FDA02A7F
HistoryApr 20, 2010 - 12:00 a.m.

Sun Java Web Start command-line argument injection

2010-04-2000:00:00
SAINT Corporation
download.saintcorporation.com
10

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.78

Percentile

98.3%

Added: 04/20/2010
CVE: CVE-2010-0886
BID: 39492
OSVDB: 63798

Background

Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment (JRE).

Problem

A vulnerability in Sun Java Web Start allows execution of arbitrary commands which are injected into a URL containing the string ā€œ-Jā€.

Resolution

See Oracle Security Alert CVE-2010-0886 for fix information.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0122.html&gt;

Limitations

Exploit works on Java SE 6 Update 19 and requires a user to load the exploit page in Internet Explorer.

Before the exploit can succeed, the exploit.jar file must be downloaded from the exploit server and placed onto the specified SMB share.

The specified SMB share must be accessible from the target host.

Platforms

Windows

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.78

Percentile

98.3%