Java - Web Start Double Quote Injection Remote Code Execution (Metasploit)

======================================================== Java Web Start Double Quote Inject Remote Code Execution ======================================================== Date: Jun 12 2012 updated: Jun 6 2013 Author: Rh0 Version: At least Java 1.6.31 to 1.6.35 and 1.7.03 to 1.7.07 Tested on:...

Java Web Start Double Quote Injection Remote Code Execution

Exploit for multiple platform in category remote exploits require 'msf/core' class Metasploit3 'Sun Java Web Start Double Quote Injection', 'Description' = %q This module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. Parameters intial-heap-size and max-heap-size ...

Java - Web Start Double Quote Injection Remote Code Execution (Metasploit)

Java - Web Start Double Quote Injection Remote Code Execution Metasploit ======================================================== Java Web Start Double Quote Inject Remote Code Execution ======================================================== Date: Jun 12 2012 updated: Jun 6 2013 Author: Rh0...

Sun Java Web Start Double Quote Injection Vulnerability

This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. Parameters intial-heap-size and max-heap-size in a JNLP file can contain a double quote which is not properly sanitized when creating the command line for javaw.exe. This allows the injection of...

Sun Java Web Start Double Quote Injection

======================================================== Java Web Start Double Quote Inject Remote Code Execution ======================================================== Date: Jun 12 2012 updated: Jun 6 2013 Author: Rh0 Version: At least Java 1.6.31 to 1.6.35 and 1.7.03 to 1.7.07 Tested on:...

Sun Java Web Start Splashscreen GIF Decoding Buffer Overflow - Improved Performance (CVE-2008-2086)

The Sun Java Web Start is a component of the Java 2 Runtime Environment JRE. It allows for the network deployment of Java applications. This component enables stand-alone Java applications to be downloaded from a remote network location and invoked on a target machine. There exists a memory...

Java Web Start Launcher ActiveX Control - Memory Corruption

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Java ActiveX Control Memory Corruption product: JavaTM Web Start Launcher vulnerable version: Sun Java Version 7 Update 17 and before Sun Java Version 6 Update 43 and...

Sun Java JRE XML Signature Command Injection (102993) (Unix)

The version of Sun Java Runtime Environment JRE installed on the remote host reportedly does not securely process XSLT stylesheets containing XSLT Transforms in XML Signatures. If an attacker can pass a specially crafted XSLT stylesheet to a trusted Java application running on the remote host, it...

Sun Java Web Start Unauthorized Access (102881) (Unix)

According to its version number, the Sun Java Runtime Environment JRE installed on the remote host reportedly may allow an untrusted application to elevate its privileges. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ...) (Unix)

The version of Sun Java Runtime Environment JRE installed on the remote host is earlier than 6 Update 17 / 5.0 Update 22 / 1.4.224 / 1.3.127. Such versions are potentially affected by the following security issues : - The Java update mechanism on non-English versions does not update the JRE when ...

Sun Java JRE / Web Start Java Plug-in Untrusted Applet Privilege Escalation (Unix)

The remote host is using an unmanaged version of Sun Java Runtime Environment that has vulnerabilities in its Java Runtime Plug-in, a web browser add-on used to display Java applets. The JRE Plug-in security can be bypassed by tricking a user into viewing a maliciously crafted web page...

Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..) (Unix)

The version of Sun Java Runtime Environment JRE installed on the remote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.220 / 1.3.125. Such versions are potentially affected by the following security issues : - A denial of service vulnerability affects the JRE LDAP implementation. 254569. ...

Sun Java JRE Plug-in Capability Arbitrary Package Access (Unix)

The remote host is using an unmanaged version of Sun Java Runtime Environment that has vulnerabilities in its Java Runtime Plug-in, a web browser add-on used to display Java applets : - An untrusted applet may escalate its privileges in order to read, write or execute files on the remote system. ...

Sun Java Web Start JNLP File Handling Overflow (102996) (Unix)

The Java Web Start utility distributed with the version of Sun Java Runtime Environment JRE installed on the remote host may be affected by a buffer overflow vulnerability. If an attacker can convince a user on the affected host to open a specially crafted JNLP file, it may be possible to execute...

Sun Java JRE Multiple Vulnerabilities (263408 / 263409 / 263428 ..) (Unix)

The version of Sun Java Runtime Environment JRE installed on the remote host is earlier than 6 Update 15 / 5.0 Update 20 / 1.4.222 / 1.3.126. Such version are potentially affected by the following security issues : - A vulnerability in the JRE audio system may allow system properties to be...

Sun Java JRE Image Parsing Vulnerabilities (102934) (Unix)

According to its version number, the Sun Java Runtime Environment JRE installed on the remote host reportedly is affected by a buffer overflow in its image processing code as well as another issue that may cause the Java Virtual Machine to hang. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

Sun Java JRE Multiple Vulnerabilities (233321-233327) (Unix)

The version of Sun Java Runtime Environment JRE installed on the remote host is affected by one or more security issues : - Two vulnerabilities in the JRE VM may independently allow an untrusted application or applet downloaded from a website to elevate its privileges 233321. - When processing XS...

Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities (Unix)

The version of Sun Java Runtime Environment JRE 6.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the JRE could allow unauthorized access to certain URL resources or cause a denial of service condition while processing XML data. In order to successful...

Sun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities (Unix)

The version of Sun Java Runtime Environment JRE 5.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the XML processing module of the JRE could allow an untrusted applet/application unauthorized access to certain URL resources 238628. - A buffer overflow...

Sun Java JRE Applet Handling Privilege Escalation (231261) (Unix)

The version of Sun Java Runtime Environment JRE installed on the remote host reportedly contains two vulnerabilities that may independently allow an untrusted application or applet to elevate its privileges by, for example, granting itself permission to read and write local files or execute local...