CVE-2010-1423

2010-04-1521:30:00

CWE-78

mitre

web.nvd.nist.gov

cve-2010-1423

java

npapi

deployment toolkit

argument injection

vulnerability

remote code execution

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.931

Percentile

99.1%

JSON

Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

oraclejdkRange≤1.6.0update19

oraclejdkMatch1.6.0update10

oraclejreRange≤1.6.0update19

oraclejreMatch1.6.0update_10

VendorProductVersionCPE
oraclejrecpe:/a:oracle:jre::update19::
oraclejdkcpe:/a:oracle:jdk::update19::
oraclejdk1.6.0cpe:/a:oracle:jdk:1.6.0:update10::
oraclejre1.6.0cpe:/a:oracle:jre:1.6.0:update_10::

Vendor	Product	Version	CPE
oracle	jre		cpe:/a:oracle:jre::update19::
oracle	jdk		cpe:/a:oracle:jdk::update19::
oracle	jdk	1.6.0	cpe:/a:oracle:jdk:1.6.0:update10::
oracle	jre	1.6.0	cpe:/a:oracle:jre:1.6.0:update_10::