Back to search

Sun Java Calendar Deserialization Privilege Escalation

This module exploits a flaw in the deserialization of Calendar objects in the Sun JVM. The payload can be either a native payload which is generated as an executable and dropped/executed on the target or a shell from within the Java applet in the target browser. The affected Java versions are JDK and JRE 6 Update 10 and earlier, JDK and JRE 5.0 Update 16 and earlier, SDK and JRE 1.4.2_18 and earlier (SDK and JRE 1.3.1 are not affected).

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/multi/browser/java_calendar_deserialize

Authors

  • sf <stephen_fewer [at] harmonysecurity.com>
  • hdm <x [at] hdm.io>

References

Targets

  • Generic (Java Payload)
  • Windows x86 (Native Payload)
  • Mac OS X PPC (Native Payload)
  • Mac OS X x86 (Native Payload)
  • Linux x86 (Native Payload)

Platforms

  • linux
  • osx
  • solaris
  • windows
  • java

Architectures

  • java
  • x86
  • ppc

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/browser/java_calendar_deserialize msf exploit(java_calendar_deserialize) > show targets ...targets... msf exploit(java_calendar_deserialize) > set TARGET <target-id> msf exploit(java_calendar_deserialize) > show options ...show and set options... msf exploit(java_calendar_deserialize) > exploit

Related Vulnerabilities