CVE-2010-0840

CVSS 9.8 CRITICAL · EPSS 96.2% · KEV
In short

A flaw in the Java Runtime Environment allowed attackers to run malicious code on computers running vulnerable Java versions. This happened because Java did not properly verify that certain trusted methods were actually safe to execute, letting attackers trick the runtime into running their own code.

Technical detail

The vulnerability stems from improper validation of privileged method execution in the JRE: an untrusted object that extends a trusted class, or implements a trusted interface, could bypass the security checks that are supposed to guard privileged methods. Remote attackers could exploit this via specially crafted objects to achieve arbitrary code execution with the privileges of the JRE process, affecting confidentiality, integrity, and availability in Java SE 6 Update 18, 5.0 Update 23, and 1.4.2_25.

Summary generated and translated by AI from the official description.
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.