Java bytecode verifier vulnerability
Vendor: Java Virtual Machine
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 476
Product Name: Java Virtual Machine
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: Unknown
CPE: java_vm
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Vulnerability in Sun and Netscape Java Virtual Machine

The vulnerability allows for the construction of bytecode that can instantiate objects without proper initialization, leading to potential read/write access to system files despite the security constraints of the Applet sandbox.

Mitigation:

Apply patches provided by Sun or Netscape to fix the vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6224/info

A vulnerability in the Sun and Netscape Java Virtual Machine has been reported. The vulnerability is related to the bytecode verifier, a component of the Java compiler that ensures the legal structure of Java instructions. According to the report, it is possible to construct bytecode that will cause objects to be instantiated without proper initialization. One known method of exploiting this vulnerability can allow for read/write access to system files despite the security constraints of the Applet sandbox.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22029-1.tar.gz

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22029-2.tar.gz

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22029-3.tar.gz

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22029-4.tar.gz