Intrusion Prevention

Sun.Java.Web.Start.Encoding.Stack.Buffer.Overflow

Description

This indicates an attempt to exploit a stack buffer overflow vulnerability in Sun Java Web Start.
The vulnerability is caused by an input validation error in the "useEncodingDecl()" function, which occurs while parsing the character encoding attribute of the XML header. It allows remote attackers to execute arbitrary code via an overlong "charset" name.
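
A defensive pre-parse check for the condition described above, given as an added example that is not part of the original advisory or the vendor's code: it extracts the encoding name from the XML header of a file (Java Web Start reads XML-based JNLP descriptors) and flags names that are overlong or violate the XML EncName grammar. The 40-byte limit, the function name and the sample inputs are assumptions; the advisory does not state the size of the affected buffer.

```python
import re

# XML 1.0 grammar: EncName ::= [A-Za-z] ([A-Za-z0-9._] | '-')*
ENC_NAME = re.compile(rb"[A-Za-z][A-Za-z0-9._-]*\Z")
ENC_ATTR = re.compile(rb"""\bencoding\s*=\s*(?:"([^"]*)"|'([^']*)')""")
# Assumed policy limit, not from the advisory: real charset names are short.
MAX_ENC_LEN = 40
UTF8_BOM = b"\xef\xbb\xbf"


def check_encoding_decl(data: bytes, max_len: int = MAX_ENC_LEN):
    """Classify the encoding declared in an XML header.

    Returns (verdict, detail); verdict is "absent", "ok", "malformed"
    or "overlong". Assumes an ASCII-compatible byte encoding.
    """
    if data.startswith(UTF8_BOM):
        data = data[len(UTF8_BOM):]
    body = data.lstrip()
    if not body.startswith(b"<?xml"):
        return "absent", ""
    end = body.find(b"?>")
    # An unterminated declaration is inspected in full, not skipped.
    header = body[5:end] if end != -1 else body[5:]
    if b"encoding" not in header:
        return "absent", ""
    attr = ENC_ATTR.search(header)
    if attr is None:
        return "malformed", "encoding value is not a closed quoted string"
    name = attr.group(1) if attr.group(1) is not None else attr.group(2)
    if len(name) > max_len:
        return "overlong", f"{len(name)}-byte encoding name (limit {max_len})"
    if not ENC_NAME.match(name):
        return "malformed", "encoding name violates the EncName grammar"
    return "ok", name.decode("ascii")


# Constructed sample headers (not captured traffic).
SAMPLES = {
    "normal": b'<?xml version="1.0" encoding="utf-8"?><jnlp/>',
    "overlong": b'<?xml version="1.0" encoding="' + b"A" * 300 + b'"?><jnlp/>',
    "bad-chars": b"<?xml version='1.0' encoding='utf 8;'?><jnlp/>",
    "unclosed": b'<?xml version="1.0" encoding="AAAA',
}

if __name__ == "__main__":
    for label, doc in SAMPLES.items():
        print(label, *check_encoding_decl(doc))
```

A gateway or mail filter can run such a check on XML content before it reaches an unpatched client; it complements, and does not replace, the vendor update.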

Affected Products

Sun JDK and JRE 6 Update 4 and earlier.
Sun JDK and JRE 5.0 Update 14 and earlier.

Impact

System Compromise: remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's web site for a suggested workaround.
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233323-1

CVE References

CVE-2008-1188