Full Disclosure mailing list archives
Re: [SE-2012-01] information regarding recently discovered Java 7 attack
From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 31 Aug 2012 11:26:47 -0400
On Wed, Aug 29, 2012 at 5:20 PM, Security Explorations <contact () security-explorations com> wrote:
On 2012-08-29 23:04, Tim wrote:Based on the details released so far about the exploit in the wild, how likely do you think it is that your research may have been leaked?Currently, it looks more like an independent work than a leak to me. The way in which SunToolkit class and its getField method is used to achieve a complete JVM sandbox bypass is different from what was demonstrated to Oracle (different exploitation path).
A good explaination of the vulnerability is here: "The new Java 0Day examined," http://www.h-online.com/security/features/The-new-Java-0day-examined-1677789.html. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations (Aug 28)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jeffrey Walton (Aug 29)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations (Aug 31)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jeffrey Walton (Aug 29)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jacqui Caren (Aug 30)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations (Aug 31)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jeffrey Walton (Aug 29)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Tim (Aug 29)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations (Aug 31)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jeffrey Walton (Aug 31)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations (Aug 31)
- [SE-2012-01] New security issue affecting Java SE 7 Update 7 Security Explorations (Aug 31)