CVE-2008-5353

This exploit dynamically generates a signed Java applet to bypass security warnings, leveraging social engineering to execute arbitrary code on the victim's machine. It uses the CVE-2008-5353 vulnerability to achieve remote code execution via a crafted JAR file.

This Metasploit module exploits a deserialization flaw in the Sun Java Calendar class (CVE-2008-5353) to achieve remote code execution. It delivers a malicious JAR file via an HTML page with an embedded applet, supporting multiple payload types including reverse shells and native executables.

The document describes CVE-2008-5353, a Java sandbox escape vulnerability affecting Mac OS X JVMs, allowing arbitrary command execution via malicious applets. It includes a proof-of-concept link demonstrating the exploit.

This Metasploit module exploits a deserialization flaw in Sun Java Calendar objects (CVE-2008-5353) to achieve remote code execution. It supports multiple platforms and payload types, including native executables and Java-based shells.

This Metasploit module exploits a deserialization flaw in the Sun JVM's Calendar object handling, allowing privilege escalation or remote code execution via a malicious Java applet. It supports multiple platforms and payload types, including reverse/bind shells and native executables.