Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2010-1423

Published: 15/04/2010 Updated: 13/05/2022
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Jre

Vulnerability Summary

Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote malicious users to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information.

Vulnerable Product Search on Vulmon Subscribe to Product

oracle jre 1.6.0

oracle jdk 1.6.0

oracle jdk

oracle jre

Exploits

Exploit DB: Sun Java Web Start Plugin - Command Line Argument Injection (Metasploit)
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking # # This module acts as an HTTP server # include Msf::Exploit::Remote::HttpServer::HTML include Msf::Explo ...

Recent Articles

Exploit kits attack vector – mid-year update
Securelist • Vicente Diaz • 01 Aug 2011

It is very interesting to see how short the lifespan of an exploit kit is. Some kits that were once popular and infected thousands of users are no longer being used. Even more interesting is the fact that some old kits make a comeback rearmed with fresh new exploits and reach the top of the rankings in serving malware. However, the most interesting area of study is how current exploits are used and their targets. In order to get some perspective, let?s start by analyzing the situation in 2010. T...

Read more...

References

CWE-78http://secunia.com/advisories/39260http://osvdb.org/63648http://www.securitytracker.com/id?1023840http://www.kb.cert.org/vuls/id/886582http://www.vupen.com/english/advisories/2010/0853http://lists.grok.org.uk/pipermail/full-disclosure/2010-April/074036.htmlhttp://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1https://exchange.xforce.ibmcloud.com/vulnerabilities/57615https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14090https://nvd.nist.govhttps://www.exploit-db.com/exploits/41700/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000CVE-2024-4439unauthorizedCVE-2024-0042CVE-2024-31848CVE-2023-40694cache poisoningCVE-2024-23707firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook