[26218] in bugtraq
Java webstart also allows execution of arbitrary code
daemon@ATHENA.MIT.EDU (Jelmer)
Thu Jul 18 13:43:04 2002
Message-ID: <003101c22deb$7e707960$0300000a@pluto>
From: "Jelmer" <jelmer@kuperus.xs4all.nl>
To: <bugtraq@securityfocus.com>
Date: Thu, 18 Jul 2002 01:41:38 +0200
It would seem that I opened up a can of worms when I created my ICQ +
MSIE advisory the other day,
which presented a new way to execute arbitrary code on a user's machine.
Java Web Start is equally vulnerable.
Java Web Start is a revolutionary way of deploying Java applications and
comes standard with JDK and JRE 1.4.
It opens .jnlp files with the MIME type application/x-java-jnlp-file automatically
and then stores downloaded content to a known location on the user's hard disk,
namely
C:\Program Files\Java Web Start\.javaws\cache\http\D$MYHOSTNAMEHERE$\P80\DMimages
In this case I chose to set up an icon in the jnlp file like this:
<icon href="images/jelmer.gif" width="32" height="32" />
It then gets saved as
C:\Program Files\Java Web Start\.javaws\cache\http\D$MYHOSTNAMEHERE$\P80\DMimages\RMjelmer.gif
In reality this file is nothing else than our trusted renamed mht file that
can be called.
Example at:
http://kuperus.xs4all.nl/webstart.htm
I believe a great number of programs to be vulnerable to this exploit
and would currently recommend
going through the file types (open Windows Explorer, not Internet Explorer,
then go to Tools > Folder Options > File Types) and disabling ALL
extensions that have their default action set to open. I really can't
tell how many programs are affected but there seem to be quite a few.
This is really quite a severe vulnerability as basically anyone with basic
computer knowledge can exploit this.
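
As an added example that is not part of the original post: a defender-side check that walks a Java Web Start cache directory and flags files whose image extension does not match their leading bytes, the condition the message describes for RMjelmer.gif. The function names, the MHTML header hints and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Leading bytes expected for common image extensions.
IMAGE_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}
# Heuristic (assumed here): header text typically found at the top of an MHTML archive.
MHT_HINTS = (b"mime-version:", b"multipart/related", b"from: <saved by")

def classify(path):
    """Return 'ok', 'mismatch' or 'mht-disguised'; None if the name is not an image type."""
    magics = IMAGE_MAGIC.get(os.path.splitext(path)[1].lower())
    if magics is None:
        return None
    with open(path, "rb") as fh:
        head = fh.read(1024)
    if head.startswith(magics):
        return "ok"
    if any(hint in head.lower() for hint in MHT_HINTS):
        return "mht-disguised"
    return "mismatch"

def scan_cache(root):
    """Walk a cache directory; return {relative_path: verdict} for suspicious image-named files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            verdict = classify(full)
            if verdict not in (None, "ok"):
                findings[os.path.relpath(full, root)] = verdict
    return findings

def build_sample_cache():
    """Constructed sample cache: a real GIF header and MHTML text under a .gif name."""
    d = os.path.join(tempfile.mkdtemp(), "DMimages")
    os.makedirs(d)
    samples = {"RMgood.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
               "RMsample.gif": b"MIME-Version: 1.0\r\nContent-Type: multipart/related\r\n\r\n"}
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return os.path.dirname(d)
```

To check a real machine, pass the cache directory quoted in the message to `scan_cache`.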