On Sat, 12 Aug 2000 05:33:29 +0900
"TAKAGI, Hiromitsu" <[email protected]> wrote:
> This can be verified by trying the following refined proof of concept
> Applet.
> http://java-house.etl.go.jp/~takagi/java/test/Brumleve-BrownOrifice-modified-netscape.net.URLConnection/Test.html
> I have confirmed that Mac OS version is also affected.
And another one for the other vulnerability(*1) disclosed by Brown Orifice
is here.
http://java-house.etl.go.jp/~takagi/java/test/Brumleve-BrownOrifice-modified-java.net.ServerSocket/Test.html
(This does not work behind firewalls or with Proxy servers.)
(*1: see http://www.securityfocus.com/bid/1545)
How it works:
The source code is here.
Results are as follows:
Vulnerable
Netscape Navigator + built-in Java VM
Netscape Navigator + Java Plug-in 1.1.x
Internet Explorer + Java Plug-in 1.1.x
AppletViewer/HotJava + JDK 1.1.x
Internet Explorer for Mac OS + MRJ 2.x.x (Mac OS Runtime for Java)
Not vulnerable
Internet Explorer for Windows + built-in Microsoft VM
Internet Explorer for Mac OS + Microsoft VM
Netscape Navigator + Java Plug-in 1.2.x/1.3
Internet Explorer + Java Plug-in 1.2.x/1.3
AppletViewer/HotJava + JDK 1.2.x/1.3
JDK 1.0.x
Hiromitsu Takagi
Electrotechnical Laboratory
http://www.etl.go.jp/~takagi/