CVE-2010-3552

EXPLOITED

Oracle Java SE/Jav for Bus 6 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2010-3552 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Metasploit, Skylined, including a Metasploit module exploits/windows/browser/java_docbase_bof.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in the Sun Java Runtime Environment (JRE) before v6 Update 22 via the 'docbase' parameter in the new plugin component, allowing arbitrary code execution.

Description

Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16587

This Metasploit module exploits a stack-based buffer overflow in the Sun Java Runtime Environment (JRE) before v6 Update 22 via the 'docbase' parameter in the new plugin component, allowing arbitrary code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Sun Java Runtime Environment (JRE) before v6 Update 22
No auth needed
Prerequisites: Target must have a vulnerable version of JRE installed and use Internet Explorer with the Java plugin enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Skylined · textremotewindows
https://www.exploit-db.com/exploits/15241

This exploit targets a stack-based buffer overflow in Oracle Java 6 (CVE-2010-3552) to achieve remote code execution. It bypasses DEP using a heap spray combined with a ret-into-libc attack to execute shellcode.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Oracle Java 6 (Update 20, 21, and likely earlier versions)
No auth needed
Prerequisites: Target must have Java 6 Update 20 or 21 installed · Target must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/java_docbase_bof.rb

This Metasploit module exploits a stack-based buffer overflow in the Sun Java Runtime Environment (JRE) before v6 Update 22. It leverages a vulnerability in the 'docbase' parameter of the 'launchjnlp' functionality to execute arbitrary code via a crafted HTML page.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Sun Java Runtime Environment (JRE) before v6 Update 22
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Java Runtime Environment (JRE) version 6 Update 10 to 21
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (9)

Core 9
Core References
Vendor Advisory x_refsource_confirm
http://support.avaya.com/css/P8/documents/100114315
Vendor Advisory x_refsource_confirm
http://support.avaya.com/css/P8/documents/100123193
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=134254866602253&w=2
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0770.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12004
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11829

Scores

EPSS 0.8295
EPSS Percentile 99.3%

Details

VulnCheck KEV 2011-05-24
Status published
Products (4)
sun/jdk 1.6.0 (20 CPE variants)
sun/jdk < 1.6.0
sun/jre 1.6.0 (19 CPE variants)
sun/jre < 1.6.0
Published Oct 19, 2010
Tracked Since Feb 18, 2026