Exploit:Java/CVE-2010-0094
First posted on 15 February 2019.
Source: Microsoft
Aliases:
There are no other names known for Exploit:Java/CVE-2010-0094.
Explanation:
Java/CVE-2010-0094 is a family of malicious Java applets, stored within a Java Archive (.JAR), that attempt to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 6 update 18. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system outside its "sandbox" environment. It is discussed in CVE-2010-0094.
Installation
Java/CVE-2010-0094 is distributed using the Java Archive (JAR) file format. In the wild, it has been observed arriving on a computer when users are tricked into visiting a webpage that hosts the malicious applet.
The JAR file contains the classes and resources necessary to execute the exploit code, which is implemented as a Java applet. Using remote method invocation (RMI), the main class exploits the vulnerability in the "RMIConnectionImpl" class by loading the serialized custom ClassLoader. The subclass of ClassLoader inherits a runtime permission which can call protected mode, enabling malicious classes to load in a privileged context.
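A static triage heuristic for the JAR layout described above, as an added example that is not part of the original write-up or any vendor's detection logic: it flags a class whose superclass is java.lang.ClassLoader, a constant-pool reference to javax.management.remote.rmi.RMIConnectionImpl, and a JAR entry that starts with the Java serialization magic. The indicator names, the assumption that the serialized object is stored as its own JAR entry, and the `stub_class` builder for constructed sample input are all assumptions of this example.

```python
import io, struct, zipfile

RMI_IMPL = "javax/management/remote/rmi/RMIConnectionImpl"
# Payload size per constant-pool tag (class file format); tag 1 (Utf8) is variable.
CP_SIZE = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
           15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def class_info(data):
    """Return (superclass name, names of all classes referenced) for a .class file."""
    count = struct.unpack_from(">H", data, 8)[0]
    pos, i, utf8, cls = 10, 1, {}, {}
    while i < count:
        tag, pos = data[pos], pos + 1
        if tag == 1:
            end = pos + 2 + struct.unpack_from(">H", data, pos)[0]
            utf8[i], pos = data[pos + 2:end].decode("utf-8", "replace"), end
        else:
            if tag == 7:  # CONSTANT_Class holds the index of its Utf8 name
                cls[i] = struct.unpack_from(">H", data, pos)[0]
            pos += CP_SIZE[tag]
        i += 2 if tag in (5, 6) else 1  # long/double occupy two slots
    super_idx = struct.unpack_from(">H", data, pos + 4)[0]  # after access_flags, this_class
    return utf8.get(cls.get(super_idx), ""), {utf8.get(v, "") for v in cls.values()}

def triage_jar(jar_bytes):
    """Return the set of indicators present in a JAR given as bytes."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            data = jar.read(name)
            if data[:4] == b"\xca\xfe\xba\xbe":  # class file magic
                try:
                    sup, refs = class_info(data)
                except (KeyError, IndexError, struct.error):
                    hits.add("malformed-class")  # unparseable classes deserve a look too
                    continue
                if sup == "java/lang/ClassLoader":
                    hits.add("classloader-subclass")
                if RMI_IMPL in refs:
                    hits.add("rmiconnectionimpl-ref")
            elif data[:4] == b"\xac\xed\x00\x05":  # Java serialization stream magic
                hits.add("serialized-object")
    return hits

def stub_class(*names):
    """Constructed sample input: minimal class file; names = this, super, extra refs."""
    cp = b"".join(b"\x01" + struct.pack(">H", len(n)) + n.encode() +
                  b"\x07" + struct.pack(">H", 2 * k + 1) for k, n in enumerate(names))
    head = b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 50, 2 * len(names) + 1)
    return head + cp + struct.pack(">HHH", 0x21, 2, 4) + bytes(8)
```

Each indicator on its own is common in legitimate code; the combination of all three in an unsigned applet JAR is what matches the description above and warrants closer analysis.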
The JAR package consists of the following classes, which load during the exploit process:
- Exploit or Main class
- ClassLoader class
- Payload class
Payload
Downloads arbitrary files
Java/CVE-2010-0094 variants are designed for drive-by download attacks, where an exploit is used for the purpose of downloading and executing arbitrary files, usually other malware.
Analysis by Methusela Cebrian Ferrer
Last update 15 February 2019