https://www.exploit-db.com/exploits/22028
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-285

NetscapeCommunicator/Navigator的JVM实现使用了SymantecJustInTime(JIT)编译器，Java虚拟机在共享动态实现，并默认被NetscapeBrowser使用。NetscapeCommunicator使用的Java!JustInTime编译器对部分特殊Java字节码处理不正确，远程攻击者可以利用这个漏洞构建恶意JavaApplet，诱使用户打开，在目标用户JVM环境中以用户权限在系统上执行任意指令。Java!JustInTime编译器在从特殊构建的Java字节码中生成Intel指令时存在问题，一个恶意构建的applet如果有此编译器编译的情况下，可能导致重定向程序到攻击者控制的内容中，从而使用户提供的指令绕过JavaSandbox检查以当前JVM进程权限在系统上执行任意指令。

source: http://www.securityfocus.com/bid/6222/info

A vulnerability has been discovered in the Java! JustInTime compiled used by Netscape Communicator, related to the generation of Intel instructions from specially constructed Java bytecode.

If a malicous applet is compiled by the vulnerable compiler, it may be possible to redirect program flow to point to attacker-controlled memory.

Successful execution of attacker-supplied instructions may result in arbitrary system commands being executed outside of the Java sandbox, with privileges of the JVM process.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/22028.tar.gz

来源:XF
名称:symantec-jit-bypass-security(10711)
链接:http://xforce.iss.net/xforce/xfdb/10711
来源:BID
名称:6222
链接:http://www.securityfocus.com/bid/6222
来源:BUGTRAQ
名称:20021121[LSD]JavaandJVMsecurityvulnerabilities
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=103798147613151&w;=2
来源：NSFOCUS
名称：3889
链接：http://www.nsfocus.net/vulndb/3889