Sun Java Web Start BasicServiceImpl Remote Code Execution Vulnerability

2010-10-12T00:00:00
ID ZDI-10-202
Type zdi
Reporter Matthias Kaiser (mka)
Modified 2010-11-09T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Sun Java Runtime. User interaction is required in that a target must visit a malicious page.

The specific flaw exists within the com.sun.jnlp.BasicServiceImpl class. By abusing how Web Start retrieves security policies, an attacker can forge their own and force the removal of sandbox restrictions. Successful exploitation leads to code execution under the context of the user running the browser.