6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.148 Low
EPSS
Percentile
95.7%
Sun Java WebStart contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Sun Java WebStart is a technology for launching stand-alone Java applications. On Microsoft Windows systems, Java WebStart is provided by the program javaws.exe
, which is included with the Sun Java Runtime Environment (JRE). Java WebStart operates by processing a JNLP file, which is an XML document that contains information about the Java application to execute. The Sun JRE installer configures Internet Explorer and Netscape Navigator to automatically open JNLP files without any user interaction.
Java WebStart contains a stack buffer overflow in the handling of JNLP files. This vulnerability can be exploited to execute arbitrary code as the result of opening a specially-crafted JNLP file, which can occur as the result of viewing a malicious web site. We have received reports that this vulnerability is being actively exploited.
By convincing a user to open a specially-crafted JNLP file, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. This may occur as the result of viewing a specially-crafted web page.
Apply an update
This issue is addressed in the following Java versions:
* JDK and JRE 6 Update 5
* JDK and JRE 5.0 Update 15
* SDK and JRE 1.4.2_17
Delete the Windows file association for JNLP files
The file association for JNLP files on windows systems can be removed by deleting the following registry keys:
HKLM\Software\Classes\.jnlp
HKLM\Software\Classes\MIME\Database\Content Type\application/x-java-jnlp-file
HKLM\Software\Classes\JNLPfile
Disable the Java WebStart ActiveX control in Internet Explorer
The Java WebStart ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID:
{5852F5ED-8BF4-11D4-A245-0080C6F74284}
More information about how to set the kill bit is available in Microsoft Support Document 240797. Alternatively, the following text can be saved as a .REG
file and imported to set the kill bit for this control:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5852F5ED-8BF4-11D4-A245-0080C6F74284}]
"Compatibility Flags"=dword:00000400
223028
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: February 01, 2008 Updated: March 06, 2008
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
This issue is addressed in the following Java versions:
* JDK and JRE 6 Update 5
* JDK and JRE 5.0 Update 15
* SDK and JRE 1.4.2_17
Please see Sun Alert for more details and additional workarounds.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23223028 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This document was written by Will Dormann.
CVE IDs: | CVE-2008-1196 |
---|---|
Severity Metric: | 27.70 Date Public: |