Overview
Explore Java memory corruption vulnerabilities in this 43-minute conference talk by Joshua Drake (jduck). Gain insights into exploiting Java applets, security background, and technical hurdles. Learn about setup, arbitrary call exploitation, format string vulnerabilities, and a practical lab on CVE-2009-3867. Conclude with recommendations for addressing these security concerns in Java applications.
Syllabus
Intro
Overview
Motivation
Background - Applets
Background - Security
Background - Technical
Hurdles - 1
Hurdles - Watchdog
Hurdles - Encoding
Exploiting: Setup
Exploiting: Arbitrary Call
Exploiting: Format String
LABS Exploiting: CVE-2009-3867
Conclusions
Recommendations