Java/CVE-2010-0094 is a family of malicious Java applets stored within a Java Archive (.JAR) that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 6 update 18. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system outside its "sandbox" environment. It is discussed in CVE-2010-0094.

Java/CVE-2010-0094 is a family of malicious Java applets stored within a Java Archive (.JAR) that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 6 update 18. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system outside its "sandbox" environment. It is discussed in CVE-2010-0094.

Exploit:Java/CVE-2010-0094.DH is a Java based vulnerability which affects Java Runtime Environment (JRE) up to version 6 release 18 inclusive. The vulnerability makes it possible for untrusted code to gain full privileges at the level of the user's browser security scope.

Java/CVE-2010-0094.BL is a Java applet stored within a Java Archive (.JAR) that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 6 update 18. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system outside its "sandbox" environment. It is discussed in CVE-2010-0094.

If you visit a website containing the malicious code while using a vulnerable version of Java, Exploit:Java/CVE-2010-0094.BL  is loaded. It then attempts to download and execute files from a remote host/URL. The files that are downloaded and executed could be any of the attacker's choice and could include additional malware.

Exploit:Java/CVE-2010-0094.DB is a Java based malware that exploits a vulnerability discussed in CVE-2010-0094. The vulnerability affects Java Runtime Environment (JRE) up to version 6 release 18 inclusive, and makes it possible for untrusted code to gain the user's security context privileges.

Exploit:Java/CVE-2010-0094.N is the detection for files that exploit a vulnerability which affects the Java Runtime Environment (JRE) up to and including version 6 update 18. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sand box" environment.

 

The vulnerability can be exploited by malware to gain access to a user's computer to download and install malicious programs. The malware installation may occur when a malicious Java applet is executed by a vulnerable JRE. This scenario can occur when a user visits a malicious webpage that hosts such an applet. Note that a number of legitimate websites could be compromised or unwillingly host a malicious applet through advertising frames which could redirect to or host a malicious Java applet.

Exploit:Java/CVE-2010-0094.T is the detection for files that exploit a vulnerability which affects the Java Runtime Environment (JRE) up to and including version 6 update 18. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sand box" environment.

Exploit:Java/CVE-2010-0094.AA is the detection for malicious Java applet stored within a Java Archive (.JAR) that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 6 update 18. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sand box" environment.

Exploit:Java/CVE-2010-0094.AX is a Java-based malware that exploits a vulnerability discussed in CVE-2010-0094. The vulnerability affects Java Runtime Environment (JRE) up to version 6 release 18 inclusive, and makes it possible for untrusted code to gain full privileges at the level of the user's browser security scope.

Exploit:Java/CVE-2010-0094.BC is a Java based malware that exploits a vulnerability discussed in CVE-2010-0094. The vulnerability affects Java Runtime Environment (JRE) up to version 6 release 18 inclusive and makes it possible for untrusted code to gain full privileges at the level of the user's browser security scope.

Exploit:Java/CVE-2010-0094.DF is the detection for malicious Java applet stored within a Java Archive (.JAR) that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 6 update 18. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system outside its "sandbox" environment. It is discussed in CVE-2010-0094.

Exploit:Java/CVE-2010-0094.A is the detection for files that exploit a vulnerability which affects the Java Runtime Environment(JRE) up to and including version 6 update 18. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sand box" environment.

 

The vulnerability can be exploited by malware to gain access to a user's computer to download and install malicious programs. The malware installation may occur when a malicious Java applet is executed by a vulnerable JRE. This scenario can occur when a user visits a malicious webpage that hosts such an applet. Note that a number of legitimate websites could be compromised or unwillingly host a malicious applet through advertising frames which could redirect to or host a malicious Java applet.

Exploit:Java/CVE-2010-0094.D is a java based vulnerability which affects Java Runtime Environment (JRE) up to version 6 release 18 inclusive. The vulnerability makes it possible for untrusted code to gain full privileges at the user's browser security scope.

Exploit:Java/CVE-2010-0094.AF is a Java based vulnerability which affects Java Runtime Environment (JRE) up to version 6 release 18 inclusive. The vulnerability makes it possible for untrusted code to gain full privileges at the level of the user's browser security scope.

Exploit:Java/CVE-2010-0094.BA is the detection for malicious Java applet stored within a Java Archive (.JAR) that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 6 update 18. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sandbox" environment.

 

In the wild, Exploit:Java/CVE-2010-0094.BA has been observed to be distributed with other malware, such as Trojan:Java/Rowindal.D.

Exploit:Java/CVE-2010-0094.BI is a variant of the Exploit:Java/CVE-2010-0094 family - a family of malicious Java applets that exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 6, update 18 (described in CVE-2010-0094).

The unsigned Java applet, detected as Exploit:Java/CVE-2010-0094.BI, will attempt to trigger the CVE-2010-0094 vulnerability and run its downloader class with elevated privileges, detected as Trojan:Java/Rowindal.D, to download and run malware on your computer.

For an explanation of signed and unsigned Java applets, Java classes and elevated privileges, please see the Additional information section in this entry.