Java Web Start initial heap size command injection

Added: 03/02/2012
CVE: CVE-2012-0500
BID: 52015
OSVDB: 79227

Background

Sun Java Web Start allows standalone Java applications, described by JNLP files, to be launched by the Java Runtime Environment (JRE).

Problem

A vulnerability in Java Web Start allows arbitrary command-line argument injection through the initial-heap-size parameter. This vulnerability can be exploited to load arbitrary DLL files.
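
The injection depends on an initial-heap-size value that carries more than a size. As an added example (not part of the original advisory and not Oracle's code), this Python check parses a JNLP descriptor and flags heap-size attributes that are not a plain number with an optional k/m suffix. The j2se/java element names, the max-heap-size attribute and both sample descriptors are not from this page; the samples are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# JNLP heap sizes are a decimal number with an optional k/m suffix, e.g. "64m".
HEAP_SIZE = re.compile(r"[0-9]+[kKmM]?")
# initial-heap-size is the attribute named in the advisory; max-heap-size is
# included as an assumption because it takes the same value format.
HEAP_ATTRS = ("initial-heap-size", "max-heap-size")
# Elements that carry JVM settings in a JNLP descriptor (assumed, not on the page).
JVM_ELEMENTS = ("j2se", "java")


def audit_jnlp(xml_text):
    """Return a list of (element, attribute, value) for malformed heap sizes."""
    findings = []
    root = ET.fromstring(xml_text)  # consider defusedxml for untrusted files
    for elem in root.iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if tag not in JVM_ELEMENTS:
            continue
        for attr in HEAP_ATTRS:
            value = elem.get(attr)
            # fullmatch rejects spaces, quotes, dashes and any trailing text
            if value is not None and not HEAP_SIZE.fullmatch(value):
                findings.append((tag, attr, value))
    return findings


# Constructed sample descriptors (not taken from any real application).
BENIGN_JNLP = """<jnlp spec="1.0+" codebase="http://example.invalid/app">
  <resources>
    <j2se version="1.6+" initial-heap-size="64m" max-heap-size="256m"/>
    <jar href="app.jar"/>
  </resources>
</jnlp>"""

SUSPICIOUS_JNLP = """<jnlp spec="1.0+" codebase="http://example.invalid/app">
  <resources>
    <j2se version="1.6+" initial-heap-size="64m EXTRA_ARGUMENT"/>
    <jar href="app.jar"/>
  </resources>
</jnlp>"""

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN_JNLP), ("suspicious", SUSPICIOUS_JNLP)):
        print(name, audit_jnlp(doc))
```

A non-empty result means the descriptor should be treated as hostile, whatever the installed JRE version.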

Resolution

Apply the February 2012 Java SE Critical Patch Update.

References

http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html

Limitations

The exploit works on JRE 7 Update 2 and requires a user to load the exploit page in Internet Explorer 8 or 9.

Valid SMB user credentials with write permission for the specified SMB share are required. The target must be able to access this SMB share anonymously.

Platforms

Windows
