Sun Java Web Start Double Quote Injection

======================================================== Java Web Start Double Quote Inject Remote Code Execution ======================================================== Date: Jun 12 2012 updated: Jun 6 2013 Author: Rh0 Version: At least Java 1.6.31 to 1.6.35 and 1.7.03 to 1.7.07 Tested on:...

Sun Java Web Start Splashscreen GIF Decoding Buffer Overflow - Improved Performance (CVE-2008-2086)

The Sun Java Web Start is a component of the Java 2 Runtime Environment JRE. It allows for the network deployment of Java applications. This component enables stand-alone Java applications to be downloaded from a remote network location and invoked on a target machine. There exists a memory...

SEC Consult SA-20130417-1 :: Java ActiveX Control Memory Corruption

SEC Consult Vulnerability Lab Security Advisory 20130417-1 ======================================================================= title: Java ActiveX Control Memory Corruption product: JavaTM Web Start Launcher vulnerable version: Sun Java Version 7 Update 17 and before Sun Java Version 6 Update...

CentOS Update for icedtea-web CESA-2013:0753 centos6

Check for the Version of icedtea-web OpenVAS Vulnerability Test CentOS Update for icedtea-web CESA-2013:0753 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

Fedora Update for icedtea-web FEDORA-2013-5962

Check for the Version of icedtea-web OpenVAS Vulnerability Test Fedora Update for icedtea-web FEDORA-2013-5962 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

Java Web Start Launcher ActiveX Control - Memory Corruption

Java Web Start Launcher ActiveX Control - Memory Corruption SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Java ActiveX Control Memory Corruption product: JavaTM Web Start Launcher vulnerable version: Sun Java Version...

RHEL 6 : icedtea-web (RHSA-2013:0753)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0753 advisory. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It...

Java Web Start Launcher Memory Corruption

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Java ActiveX Control Memory Corruption product: JavaTM Web Start Launcher vulnerable version: Sun Java Version 7 Update 17 and before Sun Java Version 6 Update 43 and...

Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)

Binary data 6717.prm...

Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)

Binary data 801018.prm...

CVE-2013-0967

CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site...

Design/Logic Flaw

CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site...

Oracle Java JDK / JRE 7 < Update 17 Remote Code Execution (Windows)

The version of Oracle formerly Sun Java Runtime Environment JRE 7.x installed on the remote host is earlier than Update 17. It, therefore, potentially can allow remote code execution due to the following vulnerabilities related to the '2D' sub-component : - An integer overflow error exists relate...

Oracle Java JDK / JRE 5 < Update 41 Remote Code Execution (Windows)

The version of Oracle formerly Sun Java Runtime Environment JRE 5.x installed on the remote host is earlier than Update 41. It, therefore, potentially can allow remote code execution due to the following vulnerabilities related to the '2D' sub-component : - An integer overflow error exists relate...

Oracle Java JDK / JRE 7 < Update 17 Remote Code Execution (Unix)

The version of Oracle formerly Sun Java Runtime Environment JRE 7.x installed on the remote host is earlier than Update 17. It, therefore, potentially can allow remote code execution due to the following vulnerabilities related to the '2D' sub-component : - An integer overflow error exists relate...

Oracle Java JDK / JRE 6 < Update 43 Remote Code Execution (Windows)

The version of Oracle formerly Sun Java Runtime Environment JRE 6.x installed on the remote host is earlier than Update 43. It, therefore, potentially can allow remote code execution due to the following vulnerabilities related to the '2D' sub-component : - An integer overflow error exists relate...

Oracle Java JDK / JRE 6 < Update 43 Remote Code Execution (Unix)

The version of Oracle formerly Sun Java Runtime Environment JRE 6.x installed on the remote host is earlier than Update 43. It, therefore, potentially can allow remote code execution due to the following vulnerabilities related to the '2D' sub-component : - An integer overflow error exists relate...

Oracle Java SE 7 < Update 11 Multiple Vulnerabilities (Unix)

The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is earlier than 7 Update 11 and is, therefore, potentially affected by the following security issues : - An unspecified issue exists in the Libraries component. CVE-2012-3174 - An error exists in the...

Oracle Java SE Multiple Vulnerabilities (March 2010 CPU) (Unix)

The version of Oracle formerly Sun Java Runtime Environment JRE installed on the remote host is earlier than 6 Update 19 / 5.0 Update 24 / 1.4.226. Such versions are potentially affected by security issues in the following components : - ImageIO - Java 2D - JRE - Java Web Start, Java Plug-in -...

Sun Java Web Start JNLP File Handling Overflow (102996) (Unix)

The Java Web Start utility distributed with the version of Sun Java Runtime Environment JRE installed on the remote host may be affected by a buffer overflow vulnerability. If an attacker can convince a user on the affected host to open a specially crafted JNLP file, it may be possible to execute...