Java webstart also allows execution of arbitrary code

["Jelmer" <jelmer () kuperus xs4all nl>]

It would seem that I opened up a can of worms when i created my icq +
msie advisory the other day
Wich presented a new way to execute arbitrary code on a users machine
Java webstart is equally vulnerable

Java webstart is a revolutionary way of deploying java applications and
comes standard with jdk and jre 1.4


It opens .jnlp with the mime type application/x-java-jnlp-file automaticly
and then stores downloaded content to known location on the users harddisk
namely

C:\Program Files\Java Web
Start\.javaws\cache\http\D$MYHOSTNAMEHERE$\P80\DMimages

in this case i choose to setup an icon in the jnlp file like this

<icon href="images/jelmer.gif" width="32" height="32" />

it then gets saved as

C:\Program Files\Java Web
Start\.javaws\cache\http\D$MYHOSTNAMEHERE$\P80\DMimages\RMjelmer.gif

In reallity this file is nothing else then our trusted renamed mht file that
can be called

example at :

http://kuperus.xs4all.nl/webstart.htm


I believe a great number of programs to be vulnerable to this exploit
and would currently recommend
going through the filetypes (open windows explorer not internet explorer
, then goto tools > folder options > file types and disable ALL
extentions that have their default action set to open. I really can't
tell how many programs are affected but there seem to be quite a few.

This is really quite a severe vulnerability as basicly anyone with basic
computer knowlage can exploit this