module
Java Applet Driver Manager Privileged toString() Remote Code Execution
| Disclosed | Created |
|---|---|
| Jan 10, 2013 | May 30, 2018 |
Disclosed
Jan 10, 2013
Created
May 30, 2018
Description
This module abuses the java.sql.DriverManager class where the toString() method
is called over user supplied classes from a doPrivileged block. The vulnerability
affects Java version 7u17 and earlier. This exploit bypasses click-to-play on Internet Explorer
and throws a specially crafted JNLP file. This bypass is applicable mainly to IE, where Java
Web Start can be launched automatically through the ActiveX control. Otherwise, the
applet is launched without click-to-play bypass.
is called over user supplied classes from a doPrivileged block. The vulnerability
affects Java version 7u17 and earlier. This exploit bypasses click-to-play on Internet Explorer
and throws a specially crafted JNLP file. This bypass is applicable mainly to IE, where Java
Web Start can be launched automatically through the ActiveX control. Otherwise, the
applet is launched without click-to-play bypass.
Authors
James Forshaw
juan vazquez juan.vazquez@metasploit.com
juan vazquez juan.vazquez@metasploit.com
Platform
Java,Linux,OSX,Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.