What is CVE-2010-1423?

CVE-2010-1423 is a vulnerability in Oracle Jdk, classified under OS Command Injection. Published 2010-04-15.

Is CVE-2010-1423 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Oracle Jdk

CVE-2010-1423

Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arb…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.689 (98.6th percentile) — read the EPSS interpretation.

Affected products

Oracle Jdk — versions 1.6.0
Oracle Jre — versions 1.6.0
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

20100409 Java Deployment Toolkit Performs Insufficient Validation of Parameters (mailing-list, x_refsource_FULLDISC)
63648 (x_refsource_OSVDB, vdb-entry)
39260 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
VU#886582 (US Government Resource, x_refsource_CERT-VN, third-party-advisory)
cve@mitre.org (Exploit, x_refsource_MISC)
1023840 (vdb-entry, x_refsource_SECTRACK)
ADV-2010-0853 (Patch, vdb-entry, x_refsource_VUPEN, Vendor Advisory)
jre-toolkit-command-execution(57615) (vdb-entry, x_refsource_XF)
oval:org.mitre.oval:def:14090 (signature, x_refsource_OVAL, vdb-entry)

Frequently asked questions

What is CVE-2010-1423?: CVE-2010-1423 is a vulnerability in Oracle Jdk, classified under OS Command Injection. Published 2010-04-15.
Is CVE-2010-1423 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.