Java webstart also allows execution of arbitrary code

From: Jelmer (jelmerat_private)
Date: Wed Jul 17 2002 - 16:41:38 PDT


    It would seem that I opened up a can of worms when I created my icq +
    msie advisory the other day,
    which presented a new way to execute arbitrary code on a user's machine.
    Java webstart is equally vulnerable.
    
    Java webstart is a revolutionary way of deploying java applications and
    comes standard with jdk and jre 1.4
    
    
    It opens .jnlp with the mime type application/x-java-jnlp-file automatically
    and then stores downloaded content to a known location on the user's hard disk,
    namely

    C:\Program Files\Java Web Start\.javaws\cache\http\D$MYHOSTNAMEHERE$\P80\DMimages
    
    In this case I chose to set up an icon in the jnlp file like this
    
    <icon href="images/jelmer.gif" width="32" height="32" />
    
    It then gets saved as

    C:\Program Files\Java Web Start\.javaws\cache\http\D$MYHOSTNAMEHERE$\P80\DMimages\RMjelmer.gif
    
    In reality this file is nothing else than our trusted renamed mht file that
    can be called
    
    example at :
    
    http://kuperus.xs4all.nl/webstart.htm
    
    
    I believe a great number of programs to be vulnerable to this exploit
    and would currently recommend
    going through the filetypes (open windows explorer, not internet explorer,
    then go to tools > folder options > file types) and disabling ALL
    extensions that have their default action set to open. I really can't
    tell how many programs are affected but there seem to be quite a few.
    
    This is really quite a severe vulnerability as basically anyone with basic
    computer knowledge can exploit this
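
A defensive check based on the cache layout described in this post, added here as an example and not part of the original message: it walks a Web Start cache tree and reports cached resources whose image extension does not match their content. The `RM` filename prefix is taken from the path in the post; the MIME header heuristic, the function names and the sample tree (host `example.invalid`) are assumptions constructed for illustration.

```python
from pathlib import Path
import tempfile

# Magic numbers for the image types a JNLP <icon> normally points at.
IMAGE_MAGIC = {".gif": (b"GIF87a", b"GIF89a"), ".png": (b"\x89PNG\r\n\x1a\n",),
               ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",)}
# Heuristic (assumption): header text typical of a MIME/MHTML (.mht) document.
MIME_HINTS = (b"mime-version:", b"content-type: multipart/related")


def classify(path):
    """Return None if the file matches its image extension, else a reason."""
    magics = IMAGE_MAGIC.get(path.suffix.lower())
    if magics is None:
        return None  # not an image extension; out of scope for this check
    with path.open("rb") as fh:
        head = fh.read(1024)
    if head.startswith(magics):
        return None
    if any(hint in head.lower() for hint in MIME_HINTS):
        return "image extension but MIME/MHTML content"
    return "image extension but wrong magic bytes"


def scan_cache(root):
    """Report RM* cache files (prefix as in the post) with mismatched content."""
    findings = []
    for path in sorted(Path(root).rglob("RM*")):
        reason = classify(path) if path.is_file() else None
        if reason:
            findings.append((path.relative_to(root).as_posix(), reason))
    return findings


def demo():
    """Build a constructed cache tree (not real data) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        d = Path(root, "http", "Dexample.invalid", "P80", "DMimages")
        d.mkdir(parents=True)
        (d / "RMlogo.gif").write_bytes(b"GIF89a\x01\x00\x01\x00")
        (d / "RMicon.gif").write_bytes(b"MIME-Version: 1.0\r\nContent-Type: multipart/related\r\n")
        return scan_cache(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(rel, "->", reason)
```
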
    


