jetlib.sec » SecDocs » [Paper] Exploiting Memory Corruption Vulnerabilities in the Java Runtime

Feeds

133326 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

SecDocs

• February 02, 2012
• 

  [Paper] Exploiting Memory Corruption Vulnerabilities in the Java Runtime

  Posted: February 2nd, 2012, 9:37pm PST

  Tags:  java corruption memory joshua-drake-tags abu-dhabi sun-java-runtime sun-java-runtime-environment java-runtime-environment  

  Authors: Joshua Drake
  Tags: memory heap overflow exploiting Java
  Event: Black Hat Abu Dhabi 2011
  Abstract: The Oracle (previously Sun) Java Runtime Environment (JRE) is widely viewed by security researchers as one of the weakest links in the proverbial chain. That said, the exploitation of memory corruption vulnerabilities within the JRE is not always straight-forward. This talk will focus on a collection of techniques to overcome potential issues that one may face while developing exploits against memory corruption vulnerabilities within the JRE. The talk concludes with a demonstration of the techniques as used on a selection of contrived and real-world vulnerabilities.