CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.2%
Added: 03/02/2012
CVE: CVE-2012-0500
BID: 52015
OSVDB: 79227
Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment (JRE).
A vulnerability in Java Web Start allows arbitrary command-line argument injection through the initial-heap-size parameter. This vulnerability can be exploited to load arbitrary DLL files.
Apply the February 2012 Java SE Critical Patch Update.
<http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html>
Exploit works on JRE 7 Update 2 and requires a user to load the exploit page in Internet Explorer 8 or 9.
Valid SMB user credentials with write permission for the specified SMB share are required. The target must be able to access this SMB share anonymously.
Windows