10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.811 High
EPSS
Percentile
98.2%
Added: 04/20/2010
CVE: CVE-2010-0886
BID: 39492
OSVDB: 63798
Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment (JRE).
A vulnerability in Sun Java Web Start allows execution of arbitrary commands which are injected into a URL containing the string “-J”.
See Oracle Security Alert CVE-2010-0886 for fix information.
<http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0122.html>
Exploit works on Java SE 6 Update 19 and requires a user to load the exploit page in Internet Explorer.
Before the exploit can succeed, the exploit.jar file must be downloaded from the exploit server and placed onto the specified SMB share.
The specified SMB share must be accessible from the target host.
Windows