Vulnerability & Exploit Database

Back to search

Sun Java Web Start BasicServiceImpl Code Execution

This module exploits a vulnerability in Java Runtime Environment that allows an attacker to escape the Java Sandbox. By injecting a parameter into a javaws call within the BasicServiceImpl class the default java sandbox policy file can be therefore overwritten. The vulnerability affects version 6 prior to update 22. NOTE: Exploiting this vulnerability causes several sinister-looking popup windows saying that Java is "Downloading application."

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/windows/browser/java_basicservice_impl

Authors

  • Matthias Kaiser
  • egypt <egypt [at] metasploit.com>

References

Targets

  • Windows x86
  • Generic (Java Payload)

Platforms

  • java
  • windows

Architectures

  • x86
  • java

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/browser/java_basicservice_impl msf exploit(java_basicservice_impl) > show targets ...targets... msf exploit(java_basicservice_impl) > set TARGET <target-id> msf exploit(java_basicservice_impl) > show options ...show and set options... msf exploit(java_basicservice_impl) > exploit

Related Vulnerabilities