Lucene search
Ben MurphyZDI-14-104HistoryApr 21, 2014 - 12:00 a.m.
Oracle Java permuteArguments Sandbox Bypass Remote Code Execution Vulnerability
2014-04-2100:00:00
Ben Murphy
www.zerodayinitiative.com
27
0.012 Low
EPSS
Percentile
85.2%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of permuteArguments. With the usage of this method, it is possible to disable the security manager and run code as privileged. This allows a malicious applet to execute attacker-supplied code resulting in remote code execution under the context of the current user.
Related
prion
prion
Buffer overflow
2014-04-16 00:55:00
Buffer overflow
2014-04-16 01:55:00
Buffer overflow
2014-04-16 01:55:00
cvelist
cvelist
ubuntucve
ubuntucve
cve
cve
nvd
nvd
openvas
openvas
Oracle Java SE 7.x, 8.x Multiple Vulnerabilities (cpuapr2014) - Linux
2014-04-18 00:00:00
Oracle Java SE 7.x, 8.x Multiple Vulnerabilities (cpuapr2014) - Windows
2014-04-18 00:00:00
Gentoo Security Advisory GLSA 201502-12
2015-09-29 00:00:00
nessus
nessus
VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0008)
2014-09-17 00:00:00
RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0412)
2014-04-18 00:00:00
RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0413)
2014-11-08 00:00:00
redhat
redhat
(RHSA-2014:0413) Critical: java-1.7.0-oracle security update
2014-04-17 09:19:33
(RHSA-2014:0412) Critical: java-1.7.0-oracle security update
2014-04-17 00:00:00
kaspersky
kaspersky
thn
thn
Oracle releases Critical Update to Patch 104 Vulnerabilities
2014-04-16 07:48:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2015-02-15 00:00:00
securityvulns
securityvulns
oracle
oracle
Oracle Critical Patch Update - April 2014
2014-04-15 00:00:00