Here are the slides for that talk: Hazards of Duke / Java Sandbox (in)security
For the readers of this blog, there shouldn't be too many new things. There are, however, some new (in the sense that they haven't been fixed and I haven't discussed them on the blog) vulnerabilities discussed:
- A chaining instance that calls System.exit() and kills the virtual machine.
- A chaining instance that lists all network interfaces (IP addresses, etc.).
- A programmatic GUI manipulation attack that allows renaming and moving files using the JFileChooser class. This one would be severe enough for me to pass on to ZDI, but it's ineligible, because I already informed Sun Microsystems about it in 2008. There are some clues in the slides, but I demoed the issue at my talk and I can give a practical example here, too.