Arbitrary x86 from Partially Trusted C# App

Jeroen Frijters writes:

Yesterday I discovered a bug in the JIT that not only causes incorrect results, but also allows the type system to be circumvented, which in turn leads to the possibility of arbitrary code execution. I have a proof-of-concept that executes arbitrary x86 code from a verifiable and partially trusted C# application.

Jeroen single handedly wrote a JVM in .NET that can execute and debug Java classes from .NET/Mono. He is pretty used to exploring the dark corners of .NET and finding strange bugs. The proof-of-concept will be released after a patch has been made available via Windows Update in the next few months.

Published Thursday, December 07, 2006 10:45 AM by Jamie Cansdale
Filed under:

Comments

# re: Arbitrary x86 from Partially Trusted C# App

A couple MONTHS?  Yeesh.

Friday, December 08, 2006 1:43 AM by Marc Brooks

# re: Arbitrary x86 from Partially Trusted C# App

Couple of months? Give MS 30 days MAX and let'r loose.

Monday, December 25, 2006 10:44 PM by JD

Leave a Comment

(required) 
(required) 
(optional)
(required)