Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiFrederic HoguinZDI-11-084
HistoryFeb 15, 2011 - 12:00 a.m.

Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability

2011-02-1500:00:00
Frederic Hoguin
www.zerodayinitiative.com
16

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.966 High

EPSS

Percentile

99.6%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the findClass method of the sun.plugin2.applet.Applet2ClassLoader class. Due to a failure to properly validate URLs supplied by an implicitly trusted applet, it is possible to execute arbitrary code on Windows 32-bit and 64-bit, as well as Linux 32-bit platforms under the context of the SYSTEM user.

Related

saint 4
canvas 1
securityvulns 3
veracode 1
packetstorm 1
threatpost 2
cve 1
prion 1
seebug 1
d2 1
checkpoint_advisories 1
ubuntucve 1
metasploit 1
exploitdb 1
openvas 10
redhat 3
nessus 16
suse 2
vmware 2
gentoo 1
oracle 1
saint
saint
Oracle Java Applet2ClassLoader Vulnerability
2011-05-05 00:00:00
Oracle Java Applet2ClassLoader Vulnerability
2011-05-05 00:00:00
Oracle Java Applet2ClassLoader Vulnerability
2011-05-05 00:00:00
canvas
canvas
Immunity Canvas: CVE_2010_4452
2011-02-17 19:00:00
securityvulns
securityvulns
ZDI-11-084: Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability
2011-02-17 00:00:00
Oracle Java multiple security vulnerabilities / OpenJDK
2011-02-17 00:00:00
Oracle / Sun / Peoplesoft / Open Office applications multiple security vulnerabilities
2011-05-04 00:00:00
veracode
veracode
Unspecified Vulnerability
2020-04-10 00:57:55
packetstorm
packetstorm
Sun Java Applet2ClassLoader Remote Code Execution Exploit
2011-03-16 00:00:00
threatpost
threatpost
The Tale of One Thousand and One DSL Modems
2012-10-02 14:51:59
Major DNS Cache Poisoning Attack Hits Brazilian ISPs
2011-11-07 12:44:36
cve
cve
CVE-2010-4452
2011-02-17 19:00:00
prion
prion
Security feature bypass
2011-02-17 19:00:00
seebug
seebug
Sun Java Applet2ClassLoader - Remote Code Execution Exploit
2014-07-01 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_CLASSLOADER
2011-02-17 19:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java Applet2ClassLoader Remote Code Execution (CVE-2010-4452)
2011-05-31 00:00:00
ubuntucve
ubuntucve
CVE-2010-4452
2011-02-17 00:00:00
metasploit
metasploit
Sun Java Applet2ClassLoader Remote Code Execution
2011-03-16 04:50:25
exploitdb
exploitdb
Sun Java Applet2ClassLoader - Remote Code Execution (Metasploit)
2011-03-16 00:00:00
openvas
openvas
Oracle Java SE Multiple Unspecified Vulnerabilities - Windows
2011-02-28 00:00:00
Oracle Java SE Multiple Unspecified Vulnerabilities (Windows)
2011-02-28 00:00:00
HP-UX Update for Java HPSBUX02685
2011-06-06 00:00:00
redhat
redhat
(RHSA-2011:0357) Critical: java-1.6.0-ibm security update
2011-03-16 00:00:00
(RHSA-2011:0282) Critical: java-1.6.0-sun security update
2011-02-17 00:00:00
(RHSA-2011:0880) Low: Red Hat Network Satellite server IBM Java Runtime security update
2011-06-16 00:00:00
nessus
nessus
SuSE 10 Security Update : java-1_6_0-ibm, java-1_6_0-ibm-32bit, java-1_6_0-ibm-64bit, java-1_6_0-ibm-alsa, java-1_6_0-ibm-alsa-32bit, java-1_6_0-ibm-demo, java-1_6_0-ibm-devel, java-1_6_0-ibm-devel-32bit, java-1_6_0-ibm-fonts, java-1_6_0-ibm-jdbc, java-1_6_0-ibm-jdbc-32bit, java-1_6_0-ibm-jdbc-64bit, java-1_6_0-ibm-plugin, java-1_6_0-ibm-plugin-32bit, java-1_6_0-ibm-src (ZYPP Patch Number 7369)
2011-03-22 00:00:00
RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2011:0357)
2011-03-17 00:00:00
SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4109)
2011-03-22 00:00:00
suse
suse
remote code execution in java-1_6_0-sun
2011-02-22 14:41:11
remote code execution in java-1_6_0-ibm,java-1_5_0-ibm,java-1_4_2-ibm
2011-03-22 13:32:34
vmware
vmware
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2011-11-05 00:00:00
oracle
oracle
cpuapr2011
2011-04-19 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.966 High

EPSS

Percentile

99.6%

JSON
Related for ZDI-11-084
saint4canvas1securityvulns3veracode1packetstorm1threatpost2cve1prion1seebug1d21checkpoint_advisories1ubuntucve1metasploit1exploitdb1openvas10redhat3nessus16suse2vmware2gentoo1oracle1