Sun Java Web Start Double Quote Injection

This module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. Parameters initial-heap-size and max-heap-size in a JNLP file can contain a double quote which is not properly sanitized when creating the command line for javaw.exe. This allows the injection of the...

Sun Java Web Start Double Quote Injection Vulnerability

This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. Parameters intial-heap-size and max-heap-size in a JNLP file can contain a double quote which is not properly sanitized when creating the command line for javaw.exe. This allows the injection of...

Sun Java Web Start Plugin Command Line Argument Injection (2012)

Exploit for windows platform in category remote exploits $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Sun Java Web Start Plugin Command Line Argument Injection

$Id: javawsarginjectaltjvm.rb 9097 2010-04-16 08:08:40Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

JAVA web start arbitrary command-line injection - "-XXaltjvm" arbitrary dll loading (0day)

HTML Version ---------- http://www.reversemode.com/index.php?option=comcontent&task=view&id=67&Itemid=1 ---------- Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I...