CVE-2012-0500

Oracle Java SE <7.2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-0500. PoCs published by Metasploit, including Metasploit module exploits/windows/browser/java_ws_double_quote.

AI-analyzed exploit summary This Metasploit module exploits a flaw in the Java Web Start plugin (CVE-2012-0500) by injecting arbitrary JVM arguments via the -J option, leading to remote code execution. It leverages WebDAV and SMB to deliver a malicious DLL payload.

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/18520

View Code ZIP pw:eip

This Metasploit module exploits a flaw in the Java Web Start plugin (CVE-2012-0500) by injecting arbitrary JVM arguments via the -J option, leading to remote code execution. It leverages WebDAV and SMB to deliver a malicious DLL payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Sun Java Runtime Environment (JRE) with Web Start plugin

No auth needed

Prerequisites: Target must have WebClient service enabled · Attacker must run the exploit as root on a server not serving SMB · Target must visit a malicious URL or be redirected to the exploit server

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/java_ws_double_quote.rb

View Code ZIP pw:eip

This Metasploit module exploits a flaw in Java Web Start (CVE-2012-0500) by injecting a double quote into JNLP parameters, allowing the -XXaltjvm option to load a malicious jvm.dll from a remote UNC path, achieving arbitrary code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Java Runtime Environment <= 1.6.35 and <= 1.7.07

No auth needed

Prerequisites: WebClient service enabled on target · SMB/UNC path accessibility · Metasploit host running as root on non-Windows server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 02, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/java_ws_vmargs.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2012-0500 by injecting arbitrary JVM arguments via the Java Web Start plugin, leveraging the -XXaltjvm option to execute malicious code. It acts as an HTTP server to deliver a crafted JNLP file and DLL payload to vulnerable Java Runtime Environments on Windows.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Sun Java Runtime Environment (JRE) with Web Start Plugin

No auth needed

Prerequisites: Target must have WebClient service enabled · Attacker must run the exploit as root on a server not serving SMB · Target must visit a malicious link or be redirected to the exploit server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →