Threat Landscape Dashboard

Assessing today's threats and the relationships between them



Oracle Java Applet SB Bypass Remote Code Execution

The vulnerability is specific to the findClass method in the com.sun.beans.finder package. Due to insufficient permission checks and improper exception handling, it can be made to call the forName0 native method with the Primordial Class Loader (null) as the third parameter, which gives access to classes in restricted packages. Untrusted code can thereby reach packages that are part of the security implementation itself, which can be used to assist other security bypass attacks. In addition, the findMethod method of the com.sun.beans.finder.MethodFinder class, due to an insufficient permission check, ends up calling java.lang.Class.getMethods, which relies on the caller stack for security checks. To exploit these vulnerabilities, an attacker must entice the target user to visit a malicious site hosting the crafted applet. Successful exploitation would result in the execution of arbitrary Java code outside of the sandbox, with the full privileges of the currently logged-in user.
