CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.7%
Added: 05/05/2011
CVE: CVE-2010-4452
BID: 46388
OSVDB: 71193
Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets.
Java 6 Update 23 and before are vulnerable to an unsigned code execution vulnerability. This may allow an attacker to trick a user into viewing a website with a malicious embedded Java applet.
Upgrade to Oracle JRE 6 Update 25 or later.
<http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html>
<http://fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/>
<http://www.zerodayinitiative.com/advisories/ZDI-11-084/>
This exploit has been tested against Oracle JRE 6 Update 23 on Windows XP SP3 English (DEP OptIn), Windows Vista SP2 English (DEP OptIn) and Windows 7 SP1 English (DEP OptIn).
Windows