This module exploits a vulnerability in Oracle Java. Abusing the insecure invoke() method of the ProviderSkeleton class that allows to call arbitrary static methods with user supplied arguments it is possible to execute arbitrary code.

Oracle Java is prone to a vulnerability that may allow the execution of an arbitrary attacker specified executable file, if this file is located in the same folder as a .class file. The attacker must entice a victim into opening a specially crafted .class file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.

The default Java security properties configuration does not restrict access to certain objects in the com.sun.jmx.mbeanserver packages. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.

The default Java security properties configuration did not restrict access to certain com.sun.org.glassfish packages. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.

This module exploits a vulnerability in Oracle Java. The vulnerability is an invalid array indexing that exists within the native IntegerInterleavedRaster.verify() function inside jre/bin/awt.dll

A specific flaw exists within the handling of CFF-based OpenType fonts. The issue lies in two operators that allow for reading and writing elements beyond the allocated buffers. An attacker can leverage this vulnerability to execute code under the context of the current process.

An error in the way the bytecode verifier of Java validates field access instructions when preparing to JIT-compile a method can be abused to cause a type confusion vulnerability. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.

An error in the way that Java implements dynamic binding can be abused to overwrite public final fields. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.

This module exploits a vulnerability in Oracle Java taking advantages of the java.sql.DriverManager class. The specific flaw exists within the usage of java.sql.DriverManager. The issue lies in an implicit call to toString() that is made within a doPrivileged block. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user. This vulnerability was one of the 2013's Pwn2Own challenges.

This module exploits a stack-based buffer overflow vulnerability in the Oracle Java plugin for Internet Explorer (jp2iexp.dll) while processing the docBase parameter of a Java applet. This module bypasses Data Execution Prevention (DEP), even on Internet Explorer 8 with Permanent DEP enabled.