when using JNLP files (CVE-2008-1196).
* Azul Systems reported an unspecified vulnerability that allows
applets to escalate their privileges (CVE-2007-5689).
* Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz,
Weidong Shao, and David Byrne discovered multiple instances where
Java applets or JavaScript programs run within browsers do not pin
DNS hostnames to a single IP address, allowing for DNS rebinding
attacks (CVE-2007-5232, CVE-2007-5273, CVE-2007-5274).
input validation (CVE-2007-6242).
* Jesse Michael and Thomas Biege reported that Flash does not
correctly set memory permissions (CVE-2007-6246).
* Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong
Shao reported that Flash does not pin DNS hostnames to a single IP
addresses, allowing for DNS rebinding attacks (CVE-2007-5275).
* David Neu reported an error withing the implementation of the
Socket and XMLSocket ActionScript 3 classes (CVE-2007-4324).
Technical Program Committee:
Martin Abadi (UC Santa Cruz & Microsoft, USA)
Kostas Anagnostakis (I2R/A-STAR, Singapore)
Kosta Beznosov (U British Columbia, Canada)
Dan Boneh (Stanford University, USA)
Steve Borbash (Department of Defense, USA)
Jean Camp (Indiana University, USA)
Iliano Cervesato (Carnegie Mellon Univ., USA)
Mihai Christodorescu (IBM Research, USA)
Debra Cook (IDA-CCS, USA)
The submission deadline for papers is 11:59 p.m. PDT on
Tuesday, May 26, 2009.
We look forward to your submissions.
Dan Boneh, Stanford University
Alexander Sotirov, independent security researcher
WOOT'09 Program Chairs
woot09chairs@usenix.org
PROGRAM COMMITTEE:
Michael Backes (Saarland University and MPI-SWS, Germany)
Bruno Blanchet (INRIA, Ecole Normale Superieure, and CNRS, France)
Dan Boneh (Stanford University, USA)
Nikita Borisov (University of Illinois at Urbana-Champaign, USA)
Herbert Bos (VU, Netherlands)
Srdjan Capkun (ETHZ, Switzerland)
Avik Chaudhuri (Adobe Advanced Technology Labs, USA)
Shuo Chen (Microsoft Research, USA)
