module
Java Applet Reflection Type Confusion Remote Code Execution
| Disclosed | Created |
|---|---|
| 2013-01-10 | 2018-05-30 |
Disclosed
2013-01-10
Created
2018-05-30
Description
This module abuses Java Reflection to generate a Type Confusion, due to a weak
access control when setting final fields on static classes, and run code outside of
the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This
exploit bypasses click-to-play throw a specially crafted JNLP file. This bypass is
applied mainly to IE, when Java Web Start can be launched automatically throw the
ActiveX control. Otherwise the applet is launched without click-to-play bypass.
access control when setting final fields on static classes, and run code outside of
the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This
exploit bypasses click-to-play throw a specially crafted JNLP file. This bypass is
applied mainly to IE, when Java Web Start can be launched automatically throw the
ActiveX control. Otherwise the applet is launched without click-to-play bypass.
Authors
Jeroen Frijters
juan vazquez juan.vazquez@metasploit.com
juan vazquez juan.vazquez@metasploit.com
Platform
Java,Linux,OSX,Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.