Sun Java Web Start command-line argument injection

Added: 04/20/2010
CVE: CVE-2010-0886
BID: 39492
OSVDB: 63798

Background

Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment (JRE).

Problem

A vulnerability in Sun Java Web Start allows execution of arbitrary commands which are injected into a URL containing the string "-J".

Resolution

See Oracle Security Alert CVE-2010-0886 for fix information.

References

http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0122.html

Limitations

Exploit works on Java SE 6 Update 19 and requires a user to load the exploit page in Internet Explorer.

Before the exploit can succeed, the exploit.jar file must be downloaded from the exploit server and placed onto the specified SMB share.

The specified SMB share must be accessible from the target host.

Platforms

Windows

Back to exploit index