exploit the possibilities
Showing 1 - 1 of 1 RSS Feed

Files

Zero Day Initiative Advisory 10-056
Posted Apr 6, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-056 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime. Authentication is not required to exploit this vulnerability. The specific flaw exists within the code responsible for ensuring proper privileged execution of methods. If an untrusted method in an applet attempts to call a method that requires privileges, Java will walk the call stack and for each entry verify that the method called is defined within a class that has that privilege. However, this does not take into account an untrusted object that has extended the trusted class without overwriting the target method. Additionally, this can be bypassed by abusing a similar trust issue with interfaces. An attacker can leverage these insecurities to execute vulnerable code under the context of the user invoking the JRE.

tags | advisory, java, remote, arbitrary
advisories | CVE-2010-0840
MD5 | 6041ddbcce4537467aef0c1c404932c0
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Zappos Offers Users 10% Discount In 2012 Breach Settlement
Posted Oct 18, 2019

tags | headline, hacker, privacy, data loss, identity theft
Cryptocurrency Execs Charged With Running $11 Million Ponzi Scheme
Posted Oct 18, 2019

tags | headline, bank, cybercrime, fraud, cryptography
How The Wheels Came Off Facebook's Libra Project
Posted Oct 18, 2019

tags | headline, government, bank, facebook, social, cryptography
Samsung Bug Allows Any Fingerprint To Unlock Phones
Posted Oct 18, 2019

tags | headline, phone, flaw, password, samsung
Dancho Danchev Launches New Uncle George Initiative
Posted Oct 17, 2019

tags | headline, hacker, cybercrime, fraud
Oracle Patches 218 Security Vulnerabilities
Posted Oct 17, 2019

tags | headline, database, flaw, patch, oracle
SHIELD Act Passes Committee
Posted Oct 17, 2019

tags | headline, government, usa, fraud
Cozy Bear Is Back In Action Again
Posted Oct 17, 2019

tags | headline, government, usa, russia, fraud, cyberwar, facebook, social
Cybercrime Tool Prices Bump Up In Dark Web Markets
Posted Oct 17, 2019

tags | headline, hacker, cybercrime, fraud
Sextortion Botnet Spreads 30,000 Emails An Hour
Posted Oct 16, 2019

tags | headline, email, cybercrime, botnet, fraud
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close