Exploiting Java Memory Corruption Vulnerabilities
Security researchers widely view the Oracle/Sun Java Runtime Environment (JRE) as one of the weakest links in the proverbial chain. Exploiting memory corruption vulnerabilities within the JRE is not always straightforward. Joshua J. Drake, Accuvant LABS senior research consultant and Metasploit expert, spoke at DerbyCon 2011 about a collection of techniques to overcome the potential issues that one may face while developing exploits against memory corruption vulnerabilities within the JRE. His research includes a demonstration of the techniques as used on a selection of contrived and real-world vulnerabilities as well as a tools download.