Tim,

We haven't, but I like your idea. However, if this is possible via applet parameters, I would be very disappointed that it hasn't been found/reported already. Or has everyone already given up on Java security? ;)

Mitja

On Jul 8, 2011, at 9:41 PM, Tim <[email protected]> wrote:

> Mitja,
>
> A question/suggestion:
>
> Have you guys tried influencing where the .hotspotrc files are loaded
> from by supplying your own System properties (e.g. "user.dir")? You
> can do this in .jnlp files and probably applet tags as well. This has
> allowed for JRE RCE in the past.
>
> If there is a way to influence it, then you would have a more solid
> RCE vector.
>
> tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
