Analysis on Java Web Start Argument Injection Exploit

The recent discovery of Java Web Start Argument Injection vulnerability (CVE-2010-0886 and CVE-2010-0887) has opened a new opportunity for the bad guy to utilize it in drive-by download attack. Here is a short write up on the example (in the wild) found early today, which exploiting this vulnerability. The exploit was found on http://buckomre.com/ and […]