Java - Trigerring Java Code from a .SVG Image

EDB-ID:

18890

CVE:





Platform:

Multiple

Date:

2012-05-16


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

SVG is a XML-based file format for static or animated images. Some SVG
specifications (like  SVG 1.1 and SVG Tiny 1.2) allow to trigger some
Java code when the SVG file is opened.

Given that I had to look at these features for a customer, I developed
some PoC codes which are now available online:

http://www.agarri.fr/docs/batik-evil.svg
http://www.agarri.fr/docs/batik-evil.jar

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/18890.svg
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/18890.jar

I published a more detailed article on my blog:
http://www.agarri.fr/blog/

Regards,
Nicolas Grégoire / @Agarri_FR