module
Sun Java JRE getSoundbank file:// URI Buffer Overflow
| Disclosed | Created |
|---|---|
| Nov 4, 2009 | May 30, 2018 |
Disclosed
Nov 4, 2009
Created
May 30, 2018
Description
This module exploits a flaw in the getSoundbank function in the Sun JVM.
The payload is serialized and passed to the applet via PARAM tags. It must be
a native payload.
The effected Java versions are JDK and JRE 6 Update 16 and earlier,
JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and
earlier, and SDK and JRE 1.3.1_26 and earlier.
NOTE: Although all of the above versions are reportedly vulnerable, only
1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.
The payload is serialized and passed to the applet via PARAM tags. It must be
a native payload.
The effected Java versions are JDK and JRE 6 Update 16 and earlier,
JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and
earlier, and SDK and JRE 1.3.1_26 and earlier.
NOTE: Although all of the above versions are reportedly vulnerable, only
1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.
Authors
Platform
OSX,Windows
Architectures
x86, ppc
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.