Symantec Java! JustInTime Compiler 210.65 - Command Execution

EDB-ID:

22028




Platform:

Windows

Date:

2002-11-21


source: https://www.securityfocus.com/bid/6222/info

A vulnerability has been discovered in the Java! JustInTime compiled used by Netscape Communicator, related to the generation of Intel instructions from specially constructed Java bytecode.

If a malicous applet is compiled by the vulnerable compiler, it may be possible to redirect program flow to point to attacker-controlled memory.

Successful execution of attacker-supplied instructions may result in arbitrary system commands being executed outside of the Java sandbox, with privileges of the JVM process.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22028.tar.gz