Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added CVE-2010-0842 #178

Merged
merged 1 commit into from Feb 16, 2012
Merged

Added CVE-2010-0842 #178

merged 1 commit into from Feb 16, 2012

Conversation

juanvazquez
Copy link

I would like to make a contribution to metasploit with a module for "CVE-2010-0842: Sun Java Runtime Environment MixerSequencer Invalid Array Index Remote Code Execution Vulnerability" with the hope you find it useful.

It's a little old vulnerability but it seems exploited by the "hierarchy" exploit kit (http://malwareint.blogspot.com/2012/01/hierarchy-exploit-pack-new-crimeware.html). So I suppose it could be useful to someone for testing :). I haven't found it on msf.

I've tested on:
Windows XP SP3 / IE 6 / Java 6u18
Windows XP SP3 / IE 7 / Java 6u18
Windows XP SP3 / IE 8 / Java 6u18
Windows XP SP3 / Firefox 7.0.1 / Java 6u18
Windows XP SP3 / IE 8 / Java 6u17
Windows XP SP3 / Firefox 7.0.1 / Java 6u17
Windows 7 / IE 8 / Java 6u18

Finally I'm learning and training exploit writing and metasploit dev so any feedback is welcome!

Regards,

juan

(PD: All credits to Peter Vreugdenhil. He did an awesome research with this vulnerability!!)

@wchen-r7
Copy link
Contributor

Cool, I'll double check again and then will commit soon. Thanks! :-)

@wchen-r7 wchen-r7 merged commit e690379 into rapid7:master Feb 16, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@juanvazquez @wchen-r7