CVE-2010-3563

Oracle Java SE/Jav for Bus <6 Update 21 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-3563. PoCs published by Metasploit, Matthias Kaiser, egypt, including Metasploit module exploits/windows/browser/java_basicservice_impl.

AI-analyzed exploit summary This Metasploit module exploits CVE-2010-3563 in Java Web Start by overwriting the default sandbox policy file, allowing remote code execution. It serves malicious JNLP files and a JAR payload to bypass the Java sandbox.

Description

Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/16495

This Metasploit module exploits CVE-2010-3563 in Java Web Start by overwriting the default sandbox policy file, allowing remote code execution. It serves malicious JNLP files and a JAR payload to bypass the Java sandbox.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Java Runtime Environment (JRE) 6 prior to update 22
No auth needed
Prerequisites: Victim must visit a malicious URL or open a crafted JNLP file · Java Web Start must be installed and vulnerable
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Matthias Kaiser, egypt · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/java_basicservice_impl.rb

This Metasploit module exploits CVE-2010-3563, a vulnerability in Java Web Start's BasicServiceImpl that allows sandbox escape by overwriting the default Java security policy file. It serves malicious JNLP files and a JAR payload to achieve remote code execution on vulnerable Java Runtime Environment versions prior to update 22.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Java Runtime Environment (JRE) 6 prior to update 22
No auth needed
Prerequisites: Victim must visit a malicious web page or open a malicious JNLP file · Java Web Start must be installed and vulnerable
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (14)

Core 14
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0987.html
Vendor Advisory x_refsource_confirm
http://support.avaya.com/css/P8/documents/100114315
Vendor Advisory x_refsource_confirm
http://support.avaya.com/css/P8/documents/100123193
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=134254866602253&w=2
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0770.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44954
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12181
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0880.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/43999
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-202/
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12554

Scores

EPSS 0.8425
EPSS Percentile 99.7%

Details

Status published
Products (4)
sun/jdk 1.6.0 (20 CPE variants)
sun/jdk < 1.6.0
sun/jre 1.6.0 (19 CPE variants)
sun/jre < 1.6.0
Published Oct 19, 2010
Tracked Since Feb 18, 2026