Unrated severityNVD Advisory· Published Apr 15, 2010· Updated Apr 29, 2026

CVE-2010-1423

Description

Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information.

Affected products

Oracle Corporation/Jdk2 versions
cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:*:update19:*:*:*:*:*:*range: <=1.6.0
Oracle Corporation/Jre2 versions
cpe:2.3:a:oracle:jre:1.6.0:update_10:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:jre:1.6.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:*:update19:*:*:*:*:*:*range: <=1.6.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vupen.com/english/advisories/2010/0853nvdPatchVendor Advisory
www.reversemode.com/index.phpnvdExploit
secunia.com/advisories/39260nvdVendor Advisory
www.kb.cert.org/vuls/id/886582nvdUS Government Resource
lists.grok.org.uk/pipermail/full-disclosure/2010-April/074036.htmlnvd
osvdb.org/63648nvd
www.securitytracker.com/idnvd
exchange.xforce.ibmcloud.com/vulnerabilities/57615nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14090nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.055
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000