CVE-2011-3544 / ZDI-11-305 – Oracle Java Applet Rhino Script Engine Remote Code Execution

by Michael 'mihi' Schierl, @mihi42

Summary

This is a vulnerability in the Rhino Script Engine that can be used by a Java Applet to run arbitrary Java code outside of the sandbox. Since Rhino Scripts are basically strings of JavaScript, they are not controlled by the Java SecurityManager like origin of class f