module
Java Applet Reflection Type Confusion Remote Code Execution
| Disclosed | Created |
|---|---|
| 01/10/2013 | 05/30/2018 |
Disclosed
01/10/2013
Created
05/30/2018
Description
This module abuses Java Reflection to generate a Type Confusion, due to a weak
access control when setting final fields on static classes, and run code outside of
the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This
exploit bypasses click-to-play throw a specially crafted JNLP file. This bypass is
applied mainly to IE, when Java Web Start can be launched automatically throw the
ActiveX control. Otherwise the applet is launched without click-to-play bypass.
access control when setting final fields on static classes, and run code outside of
the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This
exploit bypasses click-to-play throw a specially crafted JNLP file. This bypass is
applied mainly to IE, when Java Web Start can be launched automatically throw the
ActiveX control. Otherwise the applet is launched without click-to-play bypass.
Authors
Jeroen Frijtersjuan vazquez
Platform
Java,Linux,OSX,Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/multi/browser/java_jre17_reflection_types
msf /(s) > show actions
...actions...
msf /(s) > set ACTION < action-name >
msf /(s) > show options
...show and set options...
msf /(s) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.