Teusink demonstrated at the Hack In The Box talk how he could run a Metasploit exploit on the victim PC with just a few keystrokes to remotely hijack the machine.
Before its Thursday patch, an exploit that took advantage of the Java security flaws had been included in the widely used Blackhole cybercriminal software kit as well as the Metasploit penetration testing toolset.
Developers of the Metasploit framework for hackers and penetration testers have released a module that should exploit the vulnerability on machines running Windows, Apple OS X, and Linux regardless of the browser they're using.
But the largest collections currently available from Core Security Technologies, Immunity and an open source project known as Metasploit include exploits for less than 10% of the 14,000 security flaws publicly revealed in information technology systems over the last five years.
Moy says that the poor results of the NSS test are particularly surprising given that the vulnerabilities the lab tested were publicly described by government sources like CERT and MITRE, and the exploits they used came from the open-source penetration testing framework Metasploit.