j2re
Page content
- Author: vmiklos
- Vulnerable: 6-2
- Unaffected: 6-3terminus1
A vulnerability has been reported in Sun Java Web Start, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error within the Java Web Start component (javaws.exe) when processing JNLP files. This can be exploited to cause a stack-based buffer overflow via a specially crafted JNLP file with an overly long codebase attribute. Successful exploitation allows execution of arbitrary code e.g. when a user visits a malicious website.
- Bug Tracker URL: http://bugs.frugalware.org/task/2254