module
Sun Java Applet2ClassLoader Remote Code Execution
Disclosed | Created |
---|---|
2011-02-15 | 2018-05-30 |
Description
This module exploits a vulnerability in the Java Runtime Environment
that allows an attacker to run an applet outside of the Java Sandbox. When
an applet is invoked with:
1. A "codebase" parameter that points at a trusted directory
2. A "code" parameter that is a URL that does not contain any dots
the applet will run outside of the sandbox.
This vulnerability affects JRE prior to version 6 update 24.
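The two conditions above can be checked on the defensive side by auditing HTML (proxy captures, cached pages, internal sites) for applet tags that match them. The following is an added example, not part of the Metasploit module or the original page. It assumes that a "trusted directory" codebase can be approximated as a local path (a file: URL or a Windows drive letter) and only inspects <applet> tags; the host name and directory in the sample are constructed placeholders.

```python
import re
from html.parser import HTMLParser

# Assumption: a "trusted directory" codebase is approximated as a local path
# (file: URL or Windows drive letter); the page does not define the term.
LOCAL_CODEBASE = re.compile(r"^\s*(file:|[a-z]:[\\/])", re.IGNORECASE)
# An absolute URL: scheme followed by "://".
ABSOLUTE_URL = re.compile(r"^\s*[a-z][a-z0-9+-]*://", re.IGNORECASE)


def matches_description(codebase, code):
    """True when both conditions from the module description hold."""
    local = bool(LOCAL_CODEBASE.match(codebase))
    dotless_url = bool(ABSOLUTE_URL.match(code)) and "." not in code
    return local and dotless_url


class AppletAudit(HTMLParser):
    """Collects <applet> tags that match; other embedding forms are out of scope."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "applet":
            return
        attr = {name: value or "" for name, value in attrs}
        codebase, code = attr.get("codebase", ""), attr.get("code", "")
        if matches_description(codebase, code):
            line, _ = self.getpos()
            self.findings.append({"line": line, "codebase": codebase, "code": code})


def audit(html):
    """Return one finding per <applet> tag that meets both conditions."""
    parser = AppletAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: host name and directory are placeholders.
SAMPLE = """<html><body>
<applet code="Clock.class" codebase="/applets/"></applet>
<applet code="http://appserver/Loader" codebase="http://appserver/app/"></applet>
<applet code="http://appserver/Loader" codebase="file:///C:/TRUSTED_DIR_PLACEHOLDER/"></applet>
</body></html>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A match is a lead for review, not proof of exploitation; the fix remains updating the JRE to 6 update 24 or later.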
Authors
Frederic Hoguin
jduck jduck@metasploit.com
Platform
Java
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
