CVE-2010-0886

EXPLOITED

Oracle Java SE/JDK/JRE <6.20 - Info Disclosure

Title source: llm

Exploitation Summary

CVE-2010-0886 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 5 public exploits from researchers including Metasploit, Tavis Ormandy and Ruben Santamarta, among them the Metasploit module exploits/windows/browser/java_ws_arginject_altjvm.

AI-analyzed exploit summary: This Metasploit module exploits CVE-2010-0886, a flaw in the Sun Java Web Start Plugin where command line arguments are improperly validated. It leverages the -J and -XXaltjvm options to execute arbitrary code via a malicious JNLP file served over HTTP.

Description

Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Exploits (5)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16585

This Metasploit module exploits CVE-2010-0886, a flaw in Sun Java Web Start Plugin where command line arguments are improperly validated. It leverages the -J and -XXaltjvm options to execute arbitrary code via a malicious JNLP file served over HTTP.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Sun Java Web Start Plugin (versions 6 Update 10 and later)
No auth needed
Prerequisites: Target must have WebClient service enabled · Attacker must host HTTP server with malicious JNLP · Target must visit attacker-controlled URL
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Tavis Ormandy · text · remote · windows
https://www.exploit-db.com/exploits/12117

This exploit leverages insufficient parameter validation in the Java Deployment Toolkit's launch() method to pass arbitrary command-line arguments to javaws.exe, enabling remote code execution via a malicious JAR file loaded from a UNC path.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Java Deployment Toolkit (Java SE 6 Update 10 and later)
No auth needed
Prerequisites: Victim must have Java Deployment Toolkit installed · Victim must visit a malicious webpage
devstral-2 · analyzed Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by Ruben Santamarta · text · remote · multiple
https://www.exploit-db.com/exploits/12122

The writeup details a logic flaw in Java JRE's Web Start support, where command-line parameters are not validated, allowing attackers to inject malicious parameters via crafted HTML embed tags. The analysis includes disassembly snippets and explains how the '-XXaltjvm' parameter can be abused to load a malicious JVM library.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Java JRE (Windows, Linux)
No auth needed
Prerequisites: Victim must visit a malicious webpage with crafted embed tags · Java JRE with Web Start enabled
devstral-2 · analyzed Feb 18, 2026

metasploit · WORKING POC · EXCELLENT
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/java_ws_arginject_altjvm.rb

This Metasploit module exploits CVE-2010-0886 by leveraging the -J and -XXaltjvm Java Web Start plugin options to execute arbitrary code via a crafted JNLP file. It uses WebDAV and SMB to deliver a malicious DLL payload to vulnerable Windows systems.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Sun Java Web Start Plugin (versions since 6 Update 10)
No auth needed
Prerequisites: Server with SMB disabled · Target with WebClient service enabled · Root privileges on the server
devstral-2 · analyzed Mar 05, 2026

exploitdb · WORKING POC
ruby · local · windows
https://www.exploit-db.com/exploits/41700

This Metasploit module exploits CVE-2010-0886, a command line argument injection vulnerability in Sun Java Web Start Plugin. It leverages the -J and -XXaltjvm options to execute arbitrary code via a crafted JNLP file, targeting Windows systems with WebClient service enabled.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Sun Java Web Start Plugin (versions since 6 Update 10)
No auth needed
Prerequisites: Target must have WebClient service enabled · Attacker must host malicious server · Target must visit attacker-controlled URL
devstral-2 · analyzed Feb 19, 2026

References (14)

Core References (14)
Mailing List · vendor-advisory · x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
Third Party Advisory, VDB Entry · vdb-entry · signature · x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14216
Mailing List · vendor-advisory · x_refsource_hp
http://marc.info/?l=bugtraq&m=134254866602253&w=2
Third Party Advisory · third-party-advisory · x_refsource_secunia
http://secunia.com/advisories/39819
Mailing List · vendor-advisory · x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
Vendor Advisory · vendor-advisory · x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-279590-1
Vendor Advisory · x_refsource_confirm
http://support.apple.com/kb/HT4170
Vendor Advisory · vendor-advisory · x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022294.1-1
Vendor Advisory · x_refsource_confirm
http://support.apple.com/kb/HT4171
Third Party Advisory, VDB Entry · mailing-list · x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516397/100/0/threaded
Third Party Advisory · vdb-entry · x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1191

Scores

EPSS: 0.8097
EPSS Percentile: 99.2%

Details

VulnCheck KEV: 2010-06-03
Status: published
Products (2)
sun/jdk 1.6.0 update10 (10 CPE variants)
sun/jre 1.6.0 update10 (10 CPE variants)
Published: Apr 20, 2010
Tracked Since: Feb 18, 2026