Sun Java Web Start JNLP File Processing Buffer Overflow
Secunia Advisory: SA25981
Release Date: 2007-07-10
Last Update: 2007-07-11
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Java Web Start 1.x
Sun Java JDK 1.5.x
Sun Java JDK 1.6.x
Sun Java JRE 1.5.x / 5.x
Sun Java JRE 1.6.x / 6.x
CVE reference: CVE-2007-3655 (Secunia mirror)
Description:
A vulnerability has been reported in Sun Java Web Start, which can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error within the Java Web
Start component (javaws.exe) when processing JNLP files. This can be
exploited to cause a stack-based buffer overflow via a specially crafted
JNLP file with an overly long codebase attribute.
Successful exploitation allows execution of arbitrary code, e.g. when a
user visits a malicious website.
The vulnerability is reported in the following versions:
* JRE and JDK 6 Update 1 and earlier
* JRE and JDK 5 Update 11 and earlier
Secunia has constructed the Secunia Software Inspector, which you can
use to check if your system is vulnerable:
http://secunia.com/software_inspector/
Solution:
Apply updates.
JRE/JDK 5 Update 12:
http://java.sun.com/javase/downloads/index_jdk5.jsp
JRE/JDK 6 Update 2:
http://java.sun.com/javase/downloads/index.jsp
Provided and/or discovered by:
Daniel Soeder, eEye Digital Security
The vendor also credits Brett Moore.
Changelog:
2007-07-11: Added CVE reference. Updated "Title", "Description" and
"Solution". Added JDK as affected product.
Original Advisory:
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1
eEye:
http://research.eeye.com/html/advisories/published/AD20070705.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064552.html
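Added example (not part of the Secunia advisory or any vendor tooling): a small triage script that applies the affected and fixed versions listed above to an installed-software inventory. It assumes versions are recorded in Sun's "1.<family>.0_<update>" string form; the hostnames and inventory are constructed sample data.

```python
import re

# First fixed update per release family, taken from the advisory's
# Solution section: JRE/JDK 5 Update 12 and JRE/JDK 6 Update 2.
FIRST_FIXED_UPDATE = {5: 12, 6: 2}

# Matches version strings such as "1.5.0_11", "1.6.0", "1.6.0_02-b06".
_VERSION_RE = re.compile(r"^1\.(\d+)\.\d+(?:_(\d+))?(?:-[\w.]+)?$")


def classify(version):
    """Return 'vulnerable', 'fixed' or 'not-covered' for one version string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "not-covered"  # unparseable: needs manual review
    family = int(m.group(1))
    update = int(m.group(2) or 0)  # "1.6.0" has no update suffix: update 0
    fixed = FIRST_FIXED_UPDATE.get(family)
    if fixed is None:
        return "not-covered"  # the advisory's version list names only 5 and 6
    return "vulnerable" if update < fixed else "fixed"


def triage(inventory):
    """Map hostname -> installed versions that still need the update."""
    findings = {}
    for host, versions in inventory.items():
        bad = [v for v in versions if classify(v) == "vulnerable"]
        if bad:
            findings[host] = bad
    return findings


# Constructed sample inventory (hostnames and installs are made up).
SAMPLE_INVENTORY = {
    "ws-001": ["1.6.0_01", "1.5.0_12"],
    "ws-002": ["1.6.0_02-b06"],
    "ws-003": ["1.5.0_11", "1.4.2_15"],
    "ws-004": ["1.6.0"],
}

if __name__ == "__main__":
    for host, bad in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: update required for {', '.join(bad)}")
```

A "not-covered" result means the advisory's version list does not address that install, not that it is safe.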