java_rhino exploit

View previous topic View next topic Go down

java_rhino exploit

Post by ssj100 on 24/12/2011, 05:15

Very interesting exploit of Java. Demonstrated with Metasploit:
https://forums.comodo.com/news-announcements-feedback-cis/cis-59-bypassed-by-javarhino-exploit-t79741.0.html

With such exploits, I always like to see how it could potentially affect me on a "bad day". It turns out I would most likely be protected either way.

1. For my IE browser, Java is not allowed to start/run. In fact, effectively nothing else apart from iexplore.exe can start/run. So that pretty much blocks the exploit dead.
2. For my FF browser, Java is allowed to start/run, but I also run NoScript:
Noscript -- protected system Will block the java applet/exploit
However, what if I mistakenly white-listed the site/domain etc? Well, it turns out Sandboxie effectively contains the exploit anyway:
Sandboxie -- protected system After deleting contents in sandbox connection is broken
And even if somehow executable code could escape the sandbox and run, LUA + SRP would most likely block it.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum