module
Sun Java JRE AWT setDiffICM Buffer Overflow
| Disclosed | Created |
|---|---|
| Nov 4, 2009 | May 30, 2018 |
Disclosed
Nov 4, 2009
Created
May 30, 2018
Description
This module exploits a flaw in the setDiffICM function in the Sun JVM.
The payload is serialized and passed to the applet via PARAM tags. It must be
a native payload.
The effected Java versions are JDK and JRE 6 Update 16 and earlier,
JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and
earlier, and SDK and JRE 1.3.1_26 and earlier.
NOTE: Although all of the above versions are reportedly vulnerable, only
1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.
The payload is serialized and passed to the applet via PARAM tags. It must be
a native payload.
The effected Java versions are JDK and JRE 6 Update 16 and earlier,
JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and
earlier, and SDK and JRE 1.3.1_26 and earlier.
NOTE: Although all of the above versions are reportedly vulnerable, only
1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.
Author
jduck [email protected]
Platform
OSX,Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.