Talk:Virtual machine escape

Latest comment: 9 years ago by 73.181.82.26 in topic Examples (Preferably documented)


Examples (Preferably documented)

edit

ZSNES recently had a patch to block it from running x86 code. It's a 65816-based-SNES emulator so has no business running native code, obviously. https://www.youtube.com/watch?v=Q3SOYneC7mU
VMWare also recently made a patch but that was already mentioned.
Java has multiple patches for this. One of the oldest was the one where a method (collection of VM-executable bytecode) could have a negative value (signed) size, but that the actual data was 65533 bytes (unsigned). This was fixed around 2003 I think. A list of several exploits: https://cyberoperations.wordpress.com/offense/06-metasploit-basics-attacking-java/ This is a more recent one: http://timboudreau.com/blog/The_Java_Security_Exploit_in_(Mostly)_Plain_English/read
I left out code like that used for JPEG decoding since that is not generally considered any kind of virtualization. It's just a compressor. Compression, encryption, and sim/emulation all share quite a bit in common, though.
73.181.82.26 (talk) 06:23, 4 September 2015 (UTC)Reply