IBM Support

Default Eclipse settings can cause potential vulnerability

News


Abstract

Due to default Eclipse settings, a crafted dll named "unixfile_1_0_0.DLL" and contained by the Eclipse project, is automatically loaded when the project is opened and can trigger an attack.

Content

eclipse.filesystem.useNatives is set to True by default in the Eclipse settings.
To avoid any unexpected loading of a crafter DLL named "unixfile_1_0_0.DLL", we recommend changing the default value and to set eclipse.filesystem.useNatives to False, in the ini file or the command line.
Problem found with Eclipse 4.7.3 (Oxygen).

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSSA5P","label":"IBM ILOG CPLEX Optimization Studio"},"Component":"Eclipse","Platform":[{"code":"PF033","label":"Windows"}],"Version":"12.9;12.10","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
15 January 2020

UID

ibm11172320