Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote malicious users to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle jre 1.6.0 |
||
oracle jdk 1.6.0 |
||
oracle jdk |
||
oracle jre |
It is very interesting to see how short the lifespan of an exploit kit is. Some kits that were once popular and infected thousands of users are no longer being used. Even more interesting is the fact that some old kits make a comeback rearmed with fresh new exploits and reach the top of the rankings in serving malware. However, the most interesting area of study is how current exploits are used and their targets. In order to get some perspective, let?s start by analyzing the situation in 2010. T...