Comments on Immunity Products: Java 0day analysis (CVE-2012-4681)
Feed author: Dave Aitel. Last updated 2022-03-26T15:08:38.707-07:00. 7 comments.

Pat Niemeyer, 2012-09-02T11:00:33.201-07:00:
Looks like the fix in 1.7_07 was to add explicit calls to ReflectUtil.checkPackageAccess() at the beginning of the two com.sun.beans.finder.ClassFinder findClass() variants.

hellok, 2012-08-30T00:53:31.496-07:00:
I can also get sun.xxx like this:
"
Object t[] = new Object[1];
t[0] = Class.forName(paramString);
return (Class) t[0];
"

jpb, 2012-08-29T02:13:19.313-07:00:
Can EMET 3.5 do something about this security flaw?

Anonymous, 2012-08-28T22:17:41.033-07:00:
I was wondering how it is possible to modify Statement.acc even though it has the modifier final. It seems that the field.setAccessible(true) call in getField is enough to allow the modification of a final field.

Anonymous, 2012-08-28T21:41:41.327-07:00:
This comment has been removed by the author.

Rise, 2012-08-28T17:37:53.287-07:00:
Interesting, the CVE speaks only about 1.7 having the vuln "and possibly others". Have you tested 1.4-1.7?

Anonymous, 2012-08-28T11:53:40.445-07:00:
Well done finding the second vulnerability.
To be honest, I stopped when finding the first one too, without thinking about how the method is actually invoked later.

BTW CVE-2012-4681 will coexist next to CVE-2012-1723, which is able to exploit any versions from 1.4 to 7 published last year or earlier, not only Java 7, and especially every publicly available 1.4 or 5 version ever published :)