CVE-2003-0896

Sun SDK/JRE 1.4.1_03 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0896. PoCs published by Last Stage of Delirium.

AI-analyzed exploit summary This exploit leverages a vulnerability in the Sun Java Virtual Machine to bypass the Java Security Model, allowing arbitrary code execution. It attempts to load a restricted class to confirm vulnerability.

Description

The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains "/" (slash) instead of "." (dot) characters, which bypasses a call to the Security Manager's checkPackageAccess method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Last Stage of Delirium · javadosmultiple

https://www.exploit-db.com/exploits/23276

View Code ZIP pw:eip

This exploit leverages a vulnerability in the Sun Java Virtual Machine to bypass the Java Security Model, allowing arbitrary code execution. It attempts to load a restricted class to confirm vulnerability.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Sun Java Virtual Machine (JRE/SDK)

No auth needed

Prerequisites: Vulnerable version of Sun Java Virtual Machine

MITRE ATT&CK