History: Oct 19, 2010 - 10:00 p.m.

Immunity Canvas: JAVA_DOCBASE

2010-10-19 22:00:00
Immunity Canvas
exploitlist.immunityinc.com

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.965 High
Percentile: 99.5%

Name: java_docbase
CVE: CVE-2010-3552 Exploit Pack
Vendor: Oracle
Notes:
This exploit can only be used from clientd.

Tested on:
Windows XP Professional SP3 EN under IE 8 updated.
Windows XP Home SP3 EN with IE7
Windows 7 Ultimate with IE 8.
Windows Vista with IE 7

This exploit essentially works only under clientd. It does not work with HTTP MOSDEF, as the shellcode can only be of limited size.

This exploit defeats DEP. We don’t do a heap-spray for this exploit; instead, it uses some clever anti-DEP techniques detailed in the exploit itself.

Other possible anti-DEP techniques include:
Shockwave DLL
.Net 2.0 DLL

We do not currently do process recovery in this exploit.

Versions Affected: Oracle Java 6 <= Update 21
Repeatability: Infinite
References: http://code.google.com/p/skylined/issues/detail?id=23
Date public: 10/12/2010
