Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiPeter CsepelyZDI-11-086
HistoryFeb 15, 2011 - 12:00 a.m.

Oracle Java Webstart Trusted JNLP Extension Remote Code Execution Vulnerability

2011-02-1500:00:00
Peter Csepely
www.zerodayinitiative.com
19

EPSS

0.044

Percentile

92.5%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle’s Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Java Webstart loader of the Java Runtime Environment. When parsing a .jnlp file containing an extension, the loader will honor the permissions defined within. This will allow one to explicitly define the security permissions of their java component which will then get executed. This will allow one to execute code outside of the context of the JRE sandbox.

Related

openvas 14
prion 1
ubuntucve 1
nvd 1
securityvulns 2
cvelist 1
cve 1
veracode 1
redhat 3
nessus 18
suse 2
vmware 2
gentoo 1
openvas
openvas
Oracle Java SE Code Execution Vulnerability (Windows-01)
2011-02-28 00:00:00
Oracle Java SE Code Execution Vulnerability - 01 - (Feb 2011) - Windows
2011-02-28 00:00:00
Java for Mac OS X 10.5 Update 9
2011-08-29 00:00:00
prion
prion
Design/Logic Flaw
2011-02-17 19:00:00
ubuntucve
ubuntucve
CVE-2010-4463
2011-02-17 00:00:00
nvd
nvd
CVE-2010-4463
2011-02-17 19:00:01
securityvulns
securityvulns
ZDI-11-086: Oracle Java Webstart Trusted JNLP Extension Remote Code Execution Vulnerability
2011-02-17 00:00:00
Oracle Java multiple security vulnerabilities / OpenJDK
2011-02-17 00:00:00
cvelist
cvelist
CVE-2010-4463
2011-02-17 18:31:00
cve
cve
CVE-2010-4463
2011-02-17 19:00:01
veracode
veracode
Unspecified Vulnerability
2020-04-10 00:57:56
redhat
redhat
(RHSA-2011:0357) Critical: java-1.6.0-ibm security update
2011-03-16 00:00:00
(RHSA-2011:0282) Critical: java-1.6.0-sun security update
2011-02-17 00:00:00
(RHSA-2011:0880) Low: Red Hat Network Satellite server IBM Java Runtime security update
2011-06-16 00:00:00
nessus
nessus
RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2011:0357)
2011-03-17 00:00:00
SuSE 10 Security Update : java-1_6_0-ibm, java-1_6_0-ibm-32bit, java-1_6_0-ibm-64bit, java-1_6_0-ibm-alsa, java-1_6_0-ibm-alsa-32bit, java-1_6_0-ibm-demo, java-1_6_0-ibm-devel, java-1_6_0-ibm-devel-32bit, java-1_6_0-ibm-fonts, java-1_6_0-ibm-jdbc, java-1_6_0-ibm-jdbc-32bit, java-1_6_0-ibm-jdbc-64bit, java-1_6_0-ibm-plugin, java-1_6_0-ibm-plugin-32bit, java-1_6_0-ibm-src (ZYPP Patch Number 7369)
2011-03-22 00:00:00
SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4109)
2011-03-22 00:00:00
suse
suse
remote code execution in java-1_6_0-ibm,java-1_5_0-ibm,java-1_4_2-ibm
2011-03-22 13:32:34
remote code execution in java-1_6_0-sun
2011-02-22 14:41:11
vmware
vmware
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2011-11-05 00:00:00

EPSS

0.044

Percentile

92.5%

JSON
Related for ZDI-11-086
openvas14prion1ubuntucve1nvd1securityvulns2cvelist1cve1veracode1redhat3nessus18suse2vmware2gentoo1