OFFSITE.DARK
← Signals

Jun 29, 2026

1 min

Sploitus / Exploitarium

  • ghidra
  • ace
  • tracermi
  • exploitarium

news

Ghidra 12.1.2 Conditional ACE / TraceRMI RCE Surfaces

Packaged calc PoCs for Swift demangler tool path ACE, conditional TraceRMI agent command execution, and SevenZipJBinding reachability.

Summary

Packaged calc PoCs for Swift demangler tool path ACE, conditional TraceRMI agent command execution, and SevenZipJBinding reachability. This proof-of-concept is one of 30 folders in the Exploitarium collection. OFFSITE.DARK summarizes the upstream README and PoC design; we did not discover or weaponize this flaw.

Key Findings

FindingDetail
Product / targetGhidra 12.1.2
PrimitiveProcess launch sinks + TraceRMI command channels + archive parser
ImpactConditional local code execution when Swift tool dir configured or untrusted TraceRMI peer; native parser surface via SevenZipJBinding.

Attack Chain

Config-dependent: fake swift-demangle tool, TraceRMI agent methods, or archive open path

Mitigation

Only load projects/tools from trusted paths; isolate Ghidra in VM for untrusted binaries.

Related Signals

Sources

→ Source