In the blackhat 2013, ZDI publish a paper about the US-13-Gorenc-Java-Every-Days-Exploiting-Software-Running-on-3-Billion-Devices. In this white paper, they mention a new way to exploit the native java vulnerability, which using the Statement Object can easily bypass the DEP and ASLR. But how do they do it. Recently, the Packet Storm Security published two new Native Java Vulnerabilities Exploits using the Statement Class. And we can find the detail from them. I will explain the details for you!