=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D SUN Java JNLP Overflow
=3D
=3D Vendor Advisory: =20
=3D http://sunsolve.sun.com/search/document.do?assetkey=3D1-26-102996-1
=3D
=3D Affected Software:
=3D Java Web Start in JDK and JRE 6 Update 1 and earlier
=3D Java Web Start in JDK and JRE 5.0 Update 11 and earlier
=3D
=3D Public disclosure on Wednesday July 11, 2007
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=3D Overview =3D=3D
http://www.google.co.nz/search?hl=3Den&q=3Dsame+bug+different+app&meta=3D=
My guess is that two years down the track, nobody really took any
notice.
EEYE posted out there advisory, a couple of days ago. Check it if you=20
want the technical details.
Not surprising that it was also discovered by another person, and most
likely more than one.
1) Start-Regedit
2) Edit->Search->"editflags"
3) Find those that have a flag set of BINARY 00 00 01 00
4) *yawn*
5) Find a valid file of that type
=20
http://java.sun.com/j2se/1.4.2/docs/guide/jws/developersguide/syntax.htm
l
6) Try a long string in an obvious place
7) Watch the debugger kick in
8) Finish your cup of coffee
=3D=3D Solutions =3D=3D
SUN has released a patch
http://sunsolve.sun.com/search/document.do?assetkey=3D1-26-102996-1
This class of vulnerability is well known, and future cases can be=20
mitigated by removing or modifying the editflags value for all
registry entries that have 'Disable Open/Save dialog box' set.
http://mc-computing.com/WinExplorer/WinExplorerEditFlags.htm
=3D=3D Credit =3D=3D
Discovered and advised to SUN November 15 2006 by Brett Moore of
Security-Assessment.com
=3D=3D About Security-Assessment.com =3D=3D
Security-Assessment.com is Australasia's leading team of Information=20
Security consultants specialising in providing high quality Information=20
Security services to clients throughout the Asia Pacific region. Our=20
clients include some of the largest globally recognised companies in=20
areas such as finance, telecommunications, broadcasting, legal and=20
government. Our aim is to provide the very best independent advice and=20
a high level of technical expertise while creating long and lasting=20
professional relationships with our clients.
Security-Assessment.com is committed to security research and=20
development, and its team continues to identify and responsibly publish=20
vulnerabilities in public and private software vendor's products.=20
Members of the Security-Assessment.com R&D team are globally recognised=20
through their release of whitepapers and presentations related to new=20
security research.
Security-Assessment.com is an Endorsed Commonwealth Government of=20
Australia supplier and sits on the Australian Government=20
Attorney-General's Department Critical Infrastructure Project panel.=20
We are certified by both Visa and MasterCard under their Payment=20
Card Industry Data Security Standard Programs.