Fwd: [Dailydave] Java is fun!
R.A. Hettinga
rah at shipwright.com
Wed May 20 06:40:18 PDT 2009
Begin forwarded message:
> From: Dave Aitel <dave at kof.immunityinc.com>
> Date: May 20, 2009 4:39:57 AM GMT-04:00
> To: dailydave at lists.immunitysec.com
> Subject: [Dailydave] Java is fun!
>
> So here are a couple of blog posts about a great bug that has been used to
> great effect and is in a CANVAS installation near you!
>
> http://blog.cr0.org/2009/05/write-once-own-everyone.html
> http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html
>
> Basically, you get to execute Java code as the user if they visit your web
> page and have Java turned on. This is default in Fedora, for example, and
> Bas handily owned my laptop with it. In CANVAS you don't execute commands so
> much as get a JavaNode connectback (which is somewhat similar to MOSDEF).
>
> Anyways, it's one of my favorite updates to CANVAS recently. Go Julian and
> his wacky ReplaceObject() tricks! :>
>
> -dave
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave