British hacker Stephen Tomkinson has found two Blu-Ray-borne attacks.
His first exploit relies on a poor Java implementation in a product called PowerDVD from CyberLink. PowerDVD plays DVDs on PCs and creates menus using Java, but the way Oracle's code has been used allows naughty folk to circumvent Windows security controls.
The result, the NCC Group consultant says, is that it's possible to put executables onto Blu-Ray disks and to make those disks run automatically on startup even when Windows is set to stop that outcome.
Users would have no reason to suspect the whirring of an optical drive indicated unknown software was running, making this a potentially nasty attack.
The link for this article located at The Register UK is no longer available.