SAINT:D25EA3A9ECECCE0EAAD76756E80C2619

Sun Java Web Start JNLP file j2se element heap-size buffer overflow

2008-07-23 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.675 Medium
EPSS Percentile: 97.9%

Added: 07/23/2008
CVE: CVE-2008-3111
BID: 30148
OSVDB: 46959

Background

Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment (JRE).

Problem

A buffer overflow vulnerability in Sun Java Web Start allows command execution when the user opens a JNLP file containing a j2se element with a long, specially crafted **initial-heap-size** or **max-heap-size** parameter.
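A defender-side check for the condition described above, as an added example that is not part of the SAINT advisory: it parses a JNLP file and reports j2se elements whose initial-heap-size or max-heap-size is not a short number with an optional k/m suffix. The 16-character ceiling, the function name `check_jnlp` and both sample descriptors are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Heap sizes in JNLP are a decimal number with an optional k/m suffix (e.g. "64m").
# The 16-character ceiling is an assumption for this example, not a vendor limit.
HEAP_ATTRS = ("initial-heap-size", "max-heap-size")
VALID_HEAP = re.compile(r"[0-9]{1,15}[kKmM]?")


def check_jnlp(data: bytes) -> list[str]:
    """Return findings for heap-size attributes on j2se elements in one JNLP file."""
    if b"<!ENTITY" in data:
        # Refuse entity declarations rather than let the stdlib parser expand them.
        return ["entity declaration present; file not parsed"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for elem in root.iter("j2se"):
        for attr in HEAP_ATTRS:
            value = elem.get(attr)
            if value is not None and not VALID_HEAP.fullmatch(value.strip()):
                shown = value[:24] + ("..." if len(value) > 24 else "")
                findings.append(f"{attr}: {len(value)} chars, unexpected value {shown!r}")
    return findings


# Constructed samples: one ordinary descriptor, one with an over-long attribute.
BENIGN = b"""<?xml version="1.0"?>
<jnlp spec="1.0+" codebase="http://example.invalid/app" href="app.jnlp">
  <resources>
    <j2se version="1.5+" initial-heap-size="64m" max-heap-size="256m"/>
    <jar href="app.jar"/>
  </resources>
</jnlp>"""
SUSPECT = BENIGN.replace(b'"256m"', b'"' + b"9" * 400 + b'"')

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, check_jnlp(sample) or "ok")
```

A finding from this check marks a file for review; it does not replace the upgrade listed under Resolution.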

Resolution

Upgrade to JDK and JRE 6 Update 7 or later, JDK and JRE 5.0 Update 16 or later, or SDK and JRE 1.4.2_18 or later.

References

<http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1>

Limitations

Exploit works on Sun Java Runtime Environment (JRE) 6 Update 3 and requires a user to load the exploit file.

This exploit may not work on unpatched versions of Windows XP SP2.

Platforms

Windows 2000
Windows XP
Red Hat Enterprise Linux 4
