Java – Trigerring Java Code from a .SVG Image

Exploit Database
18 阅读

作者： Nicolas Gregoire

日期： 2012-05-16
类别：
- dos
平台：
- multiple
来源：https://www.exploit-db.com/exploits/18890/

SVG is a XML-based file format for static or animated images. Some SVG
specifications (likeSVG 1.1 and SVG Tiny 1.2) allow to trigger some
Java code when the SVG file is opened.

Given that I had to look at these features for a customer, I developed
some PoC codes which are now available online:

http://www.agarri.fr/docs/batik-evil.svg
http://www.agarri.fr/docs/batik-evil.jar

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/18890.svg
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/18890.jar

I published a more detailed article on my blog:
http://www.agarri.fr/blog/

Regards,
Nicolas Grégoire / @Agarri_FR

last Exploits
Java – Trigerring Java Code from a .SVG Image的更多信息

PictureTrails Photo Editor GE.exe 2.0.0 – ‘.bmp’ Crash (PoC)：
Sam Spade 1.14 – Decode URL Buffer Overflow Crash (PoC)：
Microsoft Windows – ‘nt!NtQueryVolumeInformationFile (FileFsVolumeInformation)’ Kernel Pool Memory Disclosure：
atvise webMI2ADS Web Server 1.0 – Multiple Vulnerabilities：
Google Android – ‘pm_qos’ KASLR Bypass：
Apache APR – Hash Collision Denial of Service：
Netware – SMB Remote Stack Overflow (PoC)：
Netcut 2.0 – Denial of Service：