Main Menu
Network
Sponsor
Top 10 Sites
Partners
|
|
Top Submit newsSubscribe 
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
| Sponsored links | Want to become one of our authors and see your work published on ALLSeek.iNFO ?
| | Netscape Communicator Java Native Code Generation Bug Lets Remote Users Bypass Java Security Controls |
|---|
Categorie: Vulnerability
Posted: 2002-11-27 by ReCall
Views: 380
Source: Click here
| Current Rating: Not rated
|
| | Details |
|---|
Description: A vulnerability was reported in the Symantec Java! JustInTime (JIT) Compiler used in Netscape Communicator. A remote user can circumvent Java sandbox security controls and execute arbitrary code on the target user's system.
It is reported that the native code sequence generated for at least one particular bytecode sequence is incorrect. A call to a jump() method results in a code execution jump to a code location specified by the eax register instead of returning to the calling function.
A remote user can create malicious Java code that, when executed on a target user's computer, will be able to bypass the Java security controls and break out of the Java sandbox to execute arbitrary code on the target user s system.
For additional information on this flaw, see the original report at:
http://lsd-pl.net/java_security.html
The vendor has reportedly been notified.
Impact: A remote user can execute arbitrary code on the target user's computer with the privileges of the
target user.
Solution: No solution was available at the time of this entry.
According to the report, the JIT compiler can be disabled by removing its library from the Netscape installation directory.
| | Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=381
| | User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
| Previous articleBack to news listNext article
|
|
|
|
InterJOB.su
|
