Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAnonymousStephen Fewer of Harmony Security (www.harmonysecurity.com)ZDI-10-207
HistoryOct 12, 2010 - 12:00 a.m.

Oracle Java ActiveX Plugin Uninitialized Window Handle Remote Code Execution Vulnerability

2010-10-1200:00:00
AnonymousStephen Fewer of Harmony Security (www.harmonysecurity.com)
www.zerodayinitiative.com
13

EPSS

0.204

Percentile

96.4%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle’s Java platform that utilize the ActiveX Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the plugin initializes objects. While the plugin is in a particular state, the application will fail to initialize a field that is used as a window handle. Exploitation can lead to code execution under the privileges of the application.

Related

nvd 1
prion 1
ubuntucve 1
cve 1
cvelist 1
veracode 1
nessus 16
redhat 3
openvas 8
suse 1
cisco 1
vmware 2
gentoo 1
oracle 1
nvd
nvd
CVE-2010-3555
2010-10-19 22:00:03
prion
prion
Code injection
2010-10-19 22:00:00
ubuntucve
ubuntucve
CVE-2010-3555
2010-10-19 00:00:00
cve
cve
CVE-2010-3555
2010-10-19 22:00:03
cvelist
cvelist
CVE-2010-3555
2010-10-19 21:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:52:15
nessus
nessus
RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2010:0987)
2010-12-16 00:00:00
SuSE 10 Security Update : IBM Java 6 SR9 (ZYPP Patch Number 7312)
2011-01-27 00:00:00
SuSE 11.1 Security Update : IBM Java 6 (SAT Patch Number 3724)
2011-01-25 00:00:00
redhat
redhat
(RHSA-2010:0987) Critical: java-1.6.0-ibm security and bug fix update
2010-12-15 00:00:00
(RHSA-2010:0770) Critical: java-1.6.0-sun security update
2010-10-14 00:00:00
(RHSA-2011:0880) Low: Red Hat Network Satellite server IBM Java Runtime security update
2011-06-16 00:00:00
openvas
openvas
Oracle Java SE Multiple Vulnerabilities - Windows
2010-10-28 00:00:00
Oracle Java SE Multiple Vulnerabilities (Windows)
2010-10-28 00:00:00
HP-UX Update for Java HPSBUX02608
2011-01-04 00:00:00
suse
suse
remote code execution in java-1_6_0-ibm
2011-01-25 17:16:52
cisco
cisco
MIT Kerberos GSS-API Library Remote Denial of Service Vulnerability
2010-05-19 15:40:37
vmware
vmware
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2011-11-05 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2011
2011-01-18 00:00:00

EPSS

0.204

Percentile

96.4%

JSON
Related for ZDI-10-207
nvd1prion1ubuntucve1cve1cvelist1veracode1nessus16redhat3openvas8suse1cisco1vmware2gentoo1oracle1