CVE-2010-0840

CRITICAL KEV RANSOMWARE

Oracle Java SE/Java for Bus <6-5.0-1.4.2 - Info Disclosure

Title source: llm

Description

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/16297
metasploit WORKING POC EXCELLENT
by Sami Koivu, Matthias Kaiser, egypt · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/java_trusted_chain.rb

References (41)


Scores

CVSS v3 9.8
EPSS 0.9208
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-05-25
VulnCheck KEV 2011-07-26
InTheWild.io 2017-05-27
ENISA EUVD EUVD-2010-0865
Ransomware Use Confirmed
Status published
Products (10)
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 8.10
canonical/ubuntu_linux 9.04
canonical/ubuntu_linux 9.10
opensuse/opensuse 11.0
opensuse/opensuse 11.1
opensuse/opensuse 11.2
oracle/jre 1.4.2_25
oracle/jre 1.5.0 update23
oracle/jre 1.6.0 update18
Published Apr 01, 2010
KEV Added May 25, 2022
Tracked Since Feb 18, 2026