- ghidra
- ace
- tracermi
- exploitarium
news
Ghidra 12.1.2 Conditional ACE / TraceRMI RCE Surfaces
Summary
Packaged calc PoCs for Swift demangler tool path ACE, conditional TraceRMI agent command execution, and SevenZipJBinding reachability. This proof-of-concept is one of 30 folders in the Exploitarium collection. OFFSITE.DARK summarizes the upstream README and PoC design; we did not discover or weaponize this flaw.
Key Findings
| Finding | Detail |
|---|---|
| Product / target | Ghidra 12.1.2 |
| Primitive | Process launch sinks + TraceRMI command channels + archive parser |
| Impact | Conditional local code execution when a Swift tool directory is configured or when the TraceRMI peer is untrusted; native parser surface via SevenZipJBinding. |
Attack Chain
The chain is configuration-dependent: it runs through a fake swift-demangle tool, the TraceRMI agent methods, or the archive open path.
Mitigation
Only load projects and tools from trusted paths; isolate Ghidra in a VM when analyzing untrusted binaries.
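
One way to check the "trusted paths" mitigation before configuring a Swift tool directory, as an added example (not code from the upstream README or from Ghidra). Only the `swift-demangle` name comes from the page; the function name, the trusted roots and the allowed-owner policy are assumptions.

```python
import os
import stat
import tempfile
from pathlib import Path

TOOL_NAME = "swift-demangle"  # tool name as given on the page


def audit_swift_tool_dir(tool_dir, trusted_roots, tool_name=TOOL_NAME):
    """Return findings for the tool path; an empty list means every check passed."""
    tool = Path(tool_dir) / tool_name
    if not tool.is_file():
        return [f"{tool}: not found or not a regular file"]
    real = tool.resolve()  # follow symlinks so a link leaving the trusted tree is caught
    roots = [Path(r).resolve() for r in trusted_roots]
    root = next((r for r in roots if real.is_relative_to(r)), None)
    if root is None:
        return [f"{real}: resolves outside every trusted root"]
    findings = []
    allowed_owners = {0, os.getuid()}  # assumption: root and the analyst account
    node = real
    while True:  # the binary, then each directory up to the trusted root
        st = node.stat()
        if st.st_uid not in allowed_owners:
            findings.append(f"{node}: owned by unexpected uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{node}: writable by group or others")
        if node == root:
            break
        node = node.parent
    return findings


if __name__ == "__main__":
    # Constructed layout: one trusted install tree and one downloads folder.
    with tempfile.TemporaryDirectory() as tmp:
        trusted = Path(tmp) / "opt"
        good, bad = trusted / "swift" / "bin", Path(tmp) / "downloads"
        for d in (good, bad):
            d.mkdir(parents=True)
            (d / TOOL_NAME).write_text("#!/bin/sh\n")
        for p in (trusted, trusted / "swift", good, good / TOOL_NAME):
            os.chmod(p, 0o755)
        for d in (good, bad):
            print(d, "->", audit_swift_tool_dir(d, [trusted]) or "ok")
```

The check is POSIX-only (it relies on `os.getuid` and mode bits) and needs Python 3.9 or later for `Path.is_relative_to`.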