module
Sun Java Applet2ClassLoader Remote Code Execution
Disclosed | Created |
---|---|
Feb 15, 2011 | May 30, 2018 |
Description
This module exploits a vulnerability in the Java Runtime Environment
that allows an attacker to run an applet outside of the Java Sandbox. When
an applet is invoked with:
1. A "codebase" parameter that points at a trusted directory
2. A "code" parameter that is a URL that does not contain any dots
the applet will run outside of the sandbox.
This vulnerability affects JRE prior to version 6 update 24.
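Added example, not part of the module or of Metasploit: a defender-side audit that scans saved HTML for applet tags matching the two conditions in the description. It assumes the parameters appear as attributes on an `<applet>` tag; the function, field names and sample markup are constructed for illustration, and deciding whether a codebase is a trusted directory is left to the analyst.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample markup: one ordinary applet, one matching the description.
SAMPLE_HTML = """
<html><body>
<applet code="Clock.class" codebase="applets/" width="100" height="50"></applet>
<APPLET CODE="http://intranet/Loader" CODEBASE="TRUSTED-DIR-PLACEHOLDER"
        width="1" height="1"></APPLET>
</body></html>
"""


class AppletAudit(HTMLParser):
    """Collect every <applet> tag and test it against the described conditions."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case.
        if tag != "applet":
            return
        attr = {name: (value or "") for name, value in attrs}
        code, codebase = attr.get("code", ""), attr.get("codebase", "")
        # Condition 2: "code" is a URL (has a scheme) and contains no dots.
        dotless_url = bool(urlparse(code).scheme) and "." not in code
        # Condition 1 (trusted directory) cannot be judged from markup alone,
        # so any explicit codebase next to a dotless URL is flagged for review.
        self.findings.append({
            "code": code,
            "codebase": codebase,
            "dotless_url_code": dotless_url,
            "flag": dotless_url and bool(codebase),
        })


def audit_applets(html):
    """Return one finding per <applet> tag found in the given HTML text."""
    parser = AppletAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for finding in audit_applets(SAMPLE_HTML):
        status = "REVIEW" if finding["flag"] else "ok"
        print(status, finding["code"], finding["codebase"])
```

A flagged tag is a lead for review, not proof of exploitation; hosts running a JRE prior to version 6 update 24 are the ones exposed.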
Authors
Frederic Hoguin
jduck [email protected]
Platform
Java
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
