Exploiting Memory Corruption Vulnerabilities in the Java Runtime presented at BlackHatAbuDhabi 2011

by Joshua j. Drake,

URL : https://media.blackhat.com/bh-ad-11/Drake/bh-ad-11-Drake-Exploiting_Java_Memory_Corruption-WP.pdf

Summary : The Oracle (previously Sun) Java Runtime Environment (JRE) is widely viewed by security researchers as one of the weakest links in the proverbial chain. That said, the exploitation of memory corruption vulnerabilities within the JRE is not always straight-forward. This talk will focus on a collection of techniques to overcome potential issues that one may face while developing exploits against memory corruption vulnerabilities within the JRE. The talk concludes with a demonstration of the techniques as used on a selection of contrived and real-world vulnerabilities.