Java/CVE-2010-0094 is a family of malicious Java applets, stored within a Java Archive (.JAR), that attempt to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 6 update 18. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system outside its "sandbox" environment. It is discussed in CVE-2010-0094.
Update vulnerable applications
This threat exploits a known vulnerability in the Java Runtime Environment (JRE). To prevent your computer from being vulnerable to this malware, make sure that you install the updates available from the vendor. You can read more about this vulnerability from the following links:
It may be necessary to remove older versions of Java that are still present. Keeping old and unsupported versions of Java on your system presents a serious security risk. To read more about why you should remove older versions of Java, see the following information.
Installation
Java/CVE-2010-0094 is distributed using the Java Archive (JAR) file format. It has been observed in the wild arriving on a computer when users are tricked into visiting a webpage that hosts the malicious applet.
The JAR file contains classes and resources necessary to execute the exploit code implemented as a Java applet. Using remote method invocation (RMI), the main class exploits the vulnerability in the "RMIConnectionImpl" class by loading the serialized custom ClassLoader. The subclass of ClassLoader inherits a runtime permission which can call protected mode, enabling malicious classes to load in privileged context.
The JAR package consists of the following classes, which load during the exploit process:
Exploit or Main class
ClassLoader class
Payload class
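A static triage check for the JAR layout described above, written in Python as an added example (it is not Microsoft's detection logic or code from this page): it reads each class file's constant pool and reports classes that extend java.lang.ClassLoader and classes that mention RMIConnectionImpl. The function names, and the rule that both traits together mark a JAR for review, are assumptions of this example.

```python
import struct
import zipfile

CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
            12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}  # tag: byte width
RMI_MARKER = "RMIConnectionImpl"  # class name as given on this page
LOADER = "java/lang/ClassLoader"  # internal (slash) form of the superclass


def parse_class(data):
    """Return (superclass name, set of Utf8 constants) for one .class file."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a class file")
    pool, pos, i = {}, 10, 1
    while i < count:
        tag, pos = data[pos], pos + 1
        if tag == 1:  # CONSTANT_Utf8: u2 length, then the bytes
            (n,) = struct.unpack_from(">H", data, pos)
            pool[i] = data[pos + 2:pos + 2 + n].decode("utf-8", "replace")
            pos += 2 + n
        elif tag in CP_SIZES:
            if tag == 7:  # CONSTANT_Class: index of its Utf8 name
                (pool[i],) = struct.unpack_from(">H", data, pos)
            pos += CP_SIZES[tag]
            i += tag in (5, 6)  # long/double occupy two pool slots
        else:
            raise ValueError(f"unknown constant-pool tag {tag}")
        i += 1
    _access, _this, super_idx = struct.unpack_from(">HHH", data, pos)
    strings = {v for v in pool.values() if isinstance(v, str)}
    return pool.get(pool.get(super_idx)), strings


def triage_jar(jar):
    """Scan a JAR (path or binary file object) for the two traits above."""
    loaders, rmi_refs = [], []
    with zipfile.ZipFile(jar) as archive:
        for name in (n for n in archive.namelist() if n.endswith(".class")):
            try:
                super_name, strings = parse_class(archive.read(name))
            except (ValueError, struct.error, IndexError):
                continue  # malformed class file: skipped in this example
            if super_name == LOADER:
                loaders.append(name)
            if any(RMI_MARKER in s for s in strings):
                rmi_refs.append(name)
    return {"loader_subclasses": loaders, "rmi_references": rmi_refs,
            "suspicious": bool(loaders and rmi_refs)}
```

A positive result is a reason to inspect the archive, not a verdict, since legitimate code can also subclass ClassLoader.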
Payload
Downloads arbitrary files
Java/CVE-2010-0094 variants are designed for drive-by download attacks, where an exploit is used for the purpose of downloading and executing arbitrary files, usually other malware.