CVE-2009-3867

This Metasploit module exploits a buffer overflow in the Sun Java JRE getSoundbank function via a malicious applet. It delivers a serialized payload through PARAM tags and targets multiple platforms.

This exploit leverages a heap spray technique combined with a stack overflow in Java's MIDI soundbank handling to achieve arbitrary code execution. It targets a vulnerability in Java SE versions prior to the updates released in 2009.

This exploit targets a vulnerability in Java SE's MIDI system to achieve arbitrary code execution by crafting a malicious file path with a buffer overflow. It checks the OS and constructs a path with repeated slashes followed by a controlled payload to trigger the vulnerability.

This Metasploit module exploits a buffer overflow in the getSoundbank function in Sun Java JRE versions 6 Update 16 and earlier, 5.0 Update 21 and earlier, 1.4.2_23 and earlier, and 1.3.1_26 and earlier. It delivers a serialized payload via an applet to achieve remote code execution.