[Full-disclosure] Binary Planting Goes "Any File Type"
Mitja Kolsek
mitja.kolsek at acrossecurity.com
Sat Jul 9 09:15:06 BST 2011
Tim,
We haven't, but I like your idea. However, if this is possible via applet parameters, I would be very disappointed that it hasn't been found/reported already. Or has everyone already given up on Java security? ;)
Mitja
On Jul 8, 2011, at 9:41 PM, Tim <tim-security at sentinelchicken.org> wrote:
> Mitja,
>
> A question/suggestion:
>
> Have you guys tried influencing where the .hotspotrc files are loaded
> from by supplying your own System properties (e.g. "user.dir")? You
> can do this in .jnlp files and probably applet tags as well. This has
> allowed for JRE RCE in the past.
>
> If there is a way to influence it, then you would have a more solid
> RCE vector.
>
> tim
>
Full-Disclosure is hosted and sponsored by Secunia.