Vulnerability CVE-2010-1423

Vulnerability Name:

CVE-2010-1423 (CCN-57615)

Assigned:

2010-04-09

Published:

2010-04-09

Updated:

2022-05-13

Summary:

Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method.
Note: some of these details are obtained from third party information.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-78

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2010-1423

Source: CCN
Type: Java SE 6 Update Release Notes
Changes in 1.6.0_20 (6u20)

Source: FULLDISC
Type: UNKNOWN
20100409 Java Deployment Toolkit Performs Insufficient Validation of Parameters

Source: OSVDB
Type: UNKNOWN
63648

Source: CCN
Type: SA39260
Sun Java Deployment Toolkit Argument Injection Vulnerability

Source: SECUNIA
Type: Vendor Advisory
39260

Source: CCN
Type: SECTRACK ID: 1023840
Sun JRE Java Deployment Toolkit Lets Remote Users Inject Arbitrary Commands

Source: CCN
Type: US-CERT VU#886582
Java Deployment Toolkit insufficient argument validation

Source: CERT-VN
Type: US Government Resource
VU#886582

Source: CCN
Type: OSVDB ID: 63648
Oracle Java SE / JRE javaw.exe JAR File Handling Arbitrary Code Execution

Source: MISC
Type: Exploit
http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1

Source: SECTRACK
Type: UNKNOWN
1023840

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2010-0853

Source: XF
Type: UNKNOWN
jre-toolkit-command-execution(57615)

Source: XF
Type: UNKNOWN
jre-toolkit-command-execution(57615)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:14090

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [04-09-2010]

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:jre:1.6.0:update_10:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:*:update19:*:*:*:*:*:* (Version <= 1.6.0)

OR cpe:/a:oracle:jre:*:update19:*:*:*:*:*:* (Version <= 1.6.0)

Configuration CCN 1:

cpe:/a:sun:jre:1.6.0:update9:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update9:*:*:*:*:*:*

AND

cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:14090	V	Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information.	2014-08-18

BACK