Write once, own everyone, Java deserialization issues...

RaT

There is a pretty interesting blog post located at http://blog.cr0.org/2009/05/write-once-own-everyone.html about a certain Java vulnerability. The coolest thing about this exploit to me is that it is 100% Java. This means that all of those fancy protection technologies like ASLR, DEP, PaX, etc. won't save you if you are vulnerable.

There is also a proof of concept for Mac OS X users located over at http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html