Feeds
268044 items (1 unread) in 27 feeds
-
0day.today (was: 1337day, Inj3ct0r, 1337db)
-
OSVDB Vulnerabilities
-
Exploit-DB
-
SecurityFocus Vulnerabilities
-
Bugtraq
-
Full Disclosure
-
XSSed
-
Packet Storm Security Headlines (1 unread)
-
-
-
-
-
-
Sophos security news
-
-
Penetration Testing
-
SecuriTeam
-
BackTrack Linux Forums
-
Threatpost
-
SecDocs
-
carnal0wnage.attackresearch.com
-
Carnal0wnage
-
-
Darknet
-
The Exploitant
-
Hack a Day
-
Wirevolution
«
Expand/Collapse
Packet Storm Security Exploits
-
Java MixerSequencer Object GM_Song Structure Handling
Posted: February 16th, 2012, 7:27pm PST
This Metasploit module exploits a flaw within the handling of MixerSequencer objects in Java 6u18 and before. Exploitation id done by supplying a specially crafted MIDI file within an RMF File. When the MixerSequencer objects is used to play the file, the GM_Song structure is populated with a function pointer provided by a SONG block in the RMF. A Midi block that contains a MIDI with a specially crafted controller event is used to trigger the vulnerability. When triggering the vulnerability "ebx" points to a fake event in the MIDI file which stores the shellcode. A "jmp ebx" from msvcr71.dll is used to make the exploit reliable over java updates.