JS/Exploit.JavaDepKit [Threat Name] go to Threat
JS/Exploit.JavaDepKit.A [Threat Variant Name]
Category | trojan |
Aliases | Exploit.Java.CVE-2010-0886.a (Kaspersky) |
Exploit-JavaWS.trojan (McAfee) | |
Bloodhound.Exploit.292 (Symantec) |
Short description
JS/Exploit.JavaDepKit.A is the detection name for the exploit code against a vulnerability in the Java Deployment Toolkit . By luring victims to a specially crafted web page, an attacker can exploit the vulnerability to execute arbitrary code in the context of the logged on user.
Other information
The exploit code is written in JavaScript and uses a Java Deployment Toolkit object to download and launch arbitrary Java code.
It exploits the CVE-2010-1423 vulnerability.
Microsoft Windows systems with Java versions 6, Update 10 up to 6, Update 19 installed are vulnerable.
Java 6 Update 20 , released 15.04.2010 by Oracle , included a fix for this issue.