Talk:Virtual machine escape
This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||||||||||||||||||
|
Examples (Preferably documented)
editZSNES recently had a patch to block it from running x86 code. It's a 65816-based-SNES emulator so has no business running native code, obviously. https://www.youtube.com/watch?v=Q3SOYneC7mU
VMWare also recently made a patch but that was already mentioned.
Java has multiple patches for this. One of the oldest was the one where a method (collection of VM-executable bytecode) could have a negative value (signed) size, but that the actual data was 65533 bytes (unsigned). This was fixed around 2003 I think. A list of several exploits: https://cyberoperations.wordpress.com/offense/06-metasploit-basics-attacking-java/ This is a more recent one: http://timboudreau.com/blog/The_Java_Security_Exploit_in_(Mostly)_Plain_English/read
I left out code like that used for JPEG decoding since that is not generally considered any kind of virtualization. It's just a compressor. Compression, encryption, and sim/emulation all share quite a bit in common, though.
73.181.82.26 (talk) 06:23, 4 September 2015 (UTC)