Back to search

Java Statement.invoke() Trusted Method Chain Privilege Escalation

This module exploits a vulnerability in Java Runtime Environment that allows an untrusted method to run in a privileged context. The vulnerability affects version 6 prior to update 19 and version 5 prior to update 23.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/multi/browser/java_trusted_chain

Authors

  • Sami Koivu
  • Matthias Kaiser
  • egypt <egypt [at] metasploit.com>

References

Targets

  • Generic (Java Payload)
  • Windows Universal
  • Linux x86

Platforms

  • java
  • linux
  • windows

Architectures

  • java
  • x86

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/browser/java_trusted_chain msf exploit(java_trusted_chain) > show targets ...targets... msf exploit(java_trusted_chain) > set TARGET <target-id> msf exploit(java_trusted_chain) > show options ...show and set options... msf exploit(java_trusted_chain) > exploit

Related Vulnerabilities