Microsoft JVM CAB File Loading Vulnerability

info
discussion
exploit
solution
references

Microsoft JVM CAB File Loading Vulnerability

Microsoft JVM uses a class named com.ms.vm.loader.CabCracker, which contains a public method that allows CAB archives to be loaded from the hard disk. Since the method is public, any applet can call this method and bypass any security checks that would normally be in place.

This vulnerability was originally reported in BID 5670.