Talk:Virtual machine escape

Examples (Preferably documented)
ZSNES recently had a patch to block it from running x86 code. It's a 65816-based-SNES emulator so has no business running native code, obviously. https://www.youtube.com/watch?v=Q3SOYneC7mU VMWare also recently made a patch but that was already mentioned. Java has multiple patches for this. One of the oldest was the one where a method (collection of VM-executable bytecode) could have a negative value (signed) size, but that the actual data was 65533 bytes (unsigned). This was fixed around 2003 I think. A list of several exploits: https://cyberoperations.wordpress.com/offense/06-metasploit-basics-attacking-java/  This is a more recent one:  http://timboudreau.com/blog/The_Java_Security_Exploit_in_(Mostly)_Plain_English/read I left out code like that used for JPEG decoding since that is not generally considered any kind of virtualization. It's just a compressor. Compression, encryption, and sim/emulation all share quite a bit in common, though. 73.181.82.26 (talk) 06:23, 4 September 2015 (UTC)