You may have read about the Calendar bug that allows an applet to escape its normal restrictions and run with local privileges. This mainly affects Mac OS X due to its unpatched version of Java. Basically, it allows someone to run any Java code they wish on a client’s computer just by the client visiting their URL. I won’t go into the details of how it works; you can read up on the proof-of-concept blogs here:
http://slightlyrandombrokenthoughts.blogspot.com/2008/12/calendar-bug.html
http://landonf.bikemonkey.org/
http://blog.cr0.org/2009/05/write-once-own-everyone.html
I got curious how this works, but no source code was available, so I gave it a shot. So I now have a proof of concept and some source code to share. You can visit the proof of concept URL here: http://www.therareair.com/javaexploit. If the exploit affects you, you will find a new directory named “Hi” on your desktop.
The source code can be found here: Source Code
When I get more time I can maybe comment on how it works and what files do what. Pretty sure you can figure it out with the source though.
That’s it.
Happy coding!