Oracle Java Web Start JNLP Double Quote Remote Code Execution Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Home
Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

Confidence 2013

5% Off any SANS course
Use Code: SecuriTeam_5

Hack In Paris

La Nuit du Hack

Subjects of Interest:
Vulnerability Management
SQL Injection
Buffer Overflows
Active Network Scanning
Fuzzing
Fuzzer Report
Network Security
Network Scanner
Pen Testing
Security Scanner

Vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Webstart.

Credit:
The information has been provided by Chries Ries.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-12-037/

Free Website Security Scan	Free Fuzzer Report	Vulnerability Assessment
Detect web app vulnerabilities	University study comparing the top	Accurate and automated scanning
Get guidance from professionals.	6 commercially availble fuzzers.	for networks of any size.

Protect your website!
Free Trial, Nothing to install.
No interruption of visitors.
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
*Java Runtime

User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within javaws.exe . Java Web Start does not safely handle double quotes that are placed anywhere except the beginning of certain property names in JNLP files. As a result, double quotes can be used to inject arbitrary command-line arguments into a javaw.exe process. Leveraging this would allow a remote attacker to execute code under the context of the user.

Vendor Status:
Oracle has issued an update to correct this vulnerability.

Patch Availability:
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html

Disclosure Timeline:
2011-10-28 - Vulnerability reported to vendor
2012-02-22 - Coordinated public release of advisory

blog comments powered by Disqus

	SimplyPlay v.66 .pls File Buffer Overflow Exploit
	NProtect Anti-Virus Privilege Escalation Vulnerability
	Ripe HD FLV Player Plugin for WordPress Multiple Script Direct Request Path Disclosure Vulnerability
	CMS snews SQL Injection Vulnerability
	WeBid SQL Injection Exploit
	Invision Gallery SQL Injection Exploit
	ArrowChat External.php Lang Parameter Traversal Local File Inclusion Exploit
	WinWebMail Server Stored XSS Exploit
	TFTP Server for Windows ST WRQ Buffer Overflow Exploit
	QNX QCONN Remote Command Execution Exploit
	Distinct TFTP Writable Directory Traversal Execution Exploit
	Xion Audio Player 1.0.127 (.aiff) Denial of Service Exploit
	Wordpress Postie Plugin Stored XSS Exploit
	Vice City Multiplayer Server Remote Code Execution Exploit
	Sphpforum Multiple Exploits
	NetOp Remote Control Client Buffer Overflow Exploit
	MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Exploit
	MaxForum Local File Inclusion Exploit
	Inferno vBShout SQL Injection Vulnerability
	WP Effective Lead Management Persistent XSS Exploit

Featured Articles

	Social Engine Multiple Exploits
	Novell Groupwise Address Book Remote Code Execution Exploit
	GWebmail XSS & LFI RCE Vulnerabilities
	Acpid Privilege Boundary Crossing Exploit
	McAfee Virtual Technician MVT.MVTControl.6300 ActiveX GetObject() Vulnerability
	'SonicWall Global Management System XSS Vulnerability'
	'Opera file:// Overflow'
	'vxFtpSrv CWD Command Overflow'
	'Kaminsky DNS Cache Poisoning Flaw Exploit for Domains'
	'freeSSHD Post Authentication Buffer Overflow (Exploit)'
	'Symantec Altiris Client Service Local Privilege Escalation (Exploit)'
	'Apple Mac OS X SMB Vulnerabilities (mount_smbfs and smbutil)'
	'SurgeMail Webmail Host Header DoS'
	'PHP Win32std Extension safe_mode/disable_functions Protections Bypass'
	'WinPcap NPF.SYS Privilege Elevation Vulnerability (PoC exploit)'
	'MailEnable Buffer Overflow (LOGIN, Exploit)'
	'Durian Web Application Server Buffer Overflow (Exploit)'
	'KsIRC Buffer Overflow Exploit (PRIVMSG)'
	'Allied Telesyn AT-TFTP Server Filename Buffer Overflow (Exploit)'
	'Windows WorkStation NetpManageIPCConnect (MS06-070, Exploit)'

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs