Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:FD380419A9A7F1E6B16DB9F0C94124DC
HistoryMay 05, 2011 - 12:00 a.m.

Oracle Java Applet2ClassLoader Vulnerability

2011-05-0500:00:00
SAINT Corporation
my.saintcorporation.com
22

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.967 High

EPSS

Percentile

99.6%

JSON

Added: 05/05/2011
CVE: CVE-2010-4452
BID: 46388
OSVDB: 71193

Background

Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets.

Problem

Java 6 Update 23 and before are vulnerable to an unsigned code execution vulnerability. This may allow an attacker to trick a user into viewing a website with a malicious embedded Java applet.

Resolution

Upgrade to Oracle JRE 6 Update 25 or later.

References

<http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html&gt;
<http://fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/&gt;
<http://www.zerodayinitiative.com/advisories/ZDI-11-084/&gt;

Limitations

This exploit has been tested against Oracle JRE 6 Update 23 on Windows XP SP3 English (DEP OptIn), Windows Vista SP2 English (DEP OptIn) and Windows 7 SP1 English (DEP OptIn).

Platforms

Windows

Related

saint 3
canvas 1
seebug 1
d2 1
threatpost 2
prion 1
securityvulns 3
veracode 1
packetstorm 1
cve 1
zdi 1
checkpoint_advisories 1
metasploit 1
ubuntucve 1
exploitdb 1
openvas 10
nessus 16
redhat 3
suse 2
vmware 2
oracle 1
gentoo 1
saint
saint
Oracle Java Applet2ClassLoader Vulnerability
2011-05-05 00:00:00
Oracle Java Applet2ClassLoader Vulnerability
2011-05-05 00:00:00
Oracle Java Applet2ClassLoader Vulnerability
2011-05-05 00:00:00
canvas
canvas
Immunity Canvas: CVE_2010_4452
2011-02-17 19:00:00
seebug
seebug
Sun Java Applet2ClassLoader - Remote Code Execution Exploit
2014-07-01 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_CLASSLOADER
2011-02-17 19:00:00
threatpost
threatpost
Major DNS Cache Poisoning Attack Hits Brazilian ISPs
2011-11-07 12:44:36
The Tale of One Thousand and One DSL Modems
2012-10-02 14:51:59
prion
prion
Security feature bypass
2011-02-17 19:00:00
securityvulns
securityvulns
ZDI-11-084: Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability
2011-02-17 00:00:00
Oracle Java multiple security vulnerabilities / OpenJDK
2011-02-17 00:00:00
Oracle / Sun / Peoplesoft / Open Office applications multiple security vulnerabilities
2011-05-04 00:00:00
veracode
veracode
Unspecified Vulnerability
2020-04-10 00:57:55
packetstorm
packetstorm
Sun Java Applet2ClassLoader Remote Code Execution Exploit
2011-03-16 00:00:00
cve
cve
CVE-2010-4452
2011-02-17 19:00:00
zdi
zdi
Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability
2011-02-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java Applet2ClassLoader Remote Code Execution (CVE-2010-4452)
2011-05-31 00:00:00
metasploit
metasploit
Sun Java Applet2ClassLoader Remote Code Execution
2011-03-16 04:50:25
ubuntucve
ubuntucve
CVE-2010-4452
2011-02-17 00:00:00
exploitdb
exploitdb
Sun Java Applet2ClassLoader - Remote Code Execution (Metasploit)
2011-03-16 00:00:00
openvas
openvas
Oracle Java SE Multiple Unspecified Vulnerabilities (Windows)
2011-02-28 00:00:00
Oracle Java SE Multiple Unspecified Vulnerabilities - Windows
2011-02-28 00:00:00
HP-UX Update for Java HPSBUX02685
2011-06-06 00:00:00
nessus
nessus
SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4109)
2011-03-22 00:00:00
SuSE 10 Security Update : java-1_6_0-ibm, java-1_6_0-ibm-32bit, java-1_6_0-ibm-64bit, java-1_6_0-ibm-alsa, java-1_6_0-ibm-alsa-32bit, java-1_6_0-ibm-demo, java-1_6_0-ibm-devel, java-1_6_0-ibm-devel-32bit, java-1_6_0-ibm-fonts, java-1_6_0-ibm-jdbc, java-1_6_0-ibm-jdbc-32bit, java-1_6_0-ibm-jdbc-64bit, java-1_6_0-ibm-plugin, java-1_6_0-ibm-plugin-32bit, java-1_6_0-ibm-src (ZYPP Patch Number 7369)
2011-03-22 00:00:00
RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2011:0357)
2011-03-17 00:00:00
redhat
redhat
(RHSA-2011:0357) Critical: java-1.6.0-ibm security update
2011-03-16 00:00:00
(RHSA-2011:0282) Critical: java-1.6.0-sun security update
2011-02-17 00:00:00
(RHSA-2011:0880) Low: Red Hat Network Satellite server IBM Java Runtime security update
2011-06-16 00:00:00
suse
suse
remote code execution in java-1_6_0-ibm,java-1_5_0-ibm,java-1_4_2-ibm
2011-03-22 13:32:34
remote code execution in java-1_6_0-sun
2011-02-22 14:41:11
vmware
vmware
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
oracle
oracle
cpuapr2011
2011-04-19 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2011-11-05 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.967 High

EPSS

Percentile

99.6%

JSON
Related for SAINT:FD380419A9A7F1E6B16DB9F0C94124DC
saint3canvas1seebug1d21threatpost2prion1securityvulns3veracode1packetstorm1cve1zdi1checkpoint_advisories1metasploit1ubuntucve1exploitdb1openvas10nessus16redhat3suse2vmware2oracle1gentoo1