CVE-2010-1423
PUBLISHED
CVSS 9.3 CRITICAL
Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information.
EPSS 68.95% · 98.6th percentile
Risk Scores
CVSS v2.0
9.3
EPSS Score
68.95%
98.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oracle | jdk | 1.6.0, 0 |
| oracle | jre | 0, 1.6.0 |
| n/a | n/a | n/a |
Timeline
- CVE Published
- Apr 9, 2010 PoC Published
- Apr 9, 2010 PoC Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1 url
- 1023840 vdb
- 63648 vdb
- 20100409 Java Deployment Toolkit Performs Insufficient Validation of Parameters mailing-list
- 39260 third-party-advisory
- jre-toolkit-command-execution(57615) vdb
- VU#886582 third-party-advisory
- oval:org.mitre.oval:def:14090 vdb
- ADV-2010-0853 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2010-1423 advisory