Sun.Java.Web.Start.Encoding.Stack.Buffer.Overflow
Description
This indicates an attempt to exploit a stack buffer overflow vulnerability in Sun Java Web Start.
The vulnerability is caused by an input validation error in the "useEncodingDecl()" function. The error occurs while parsing the character encoding attribute in the XML header, and it allows remote attackers to execute arbitrary code via an overlong "charset" name.
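A defensive pre-filter for the condition described above, as an added example (not FortiGuard's signature and not Sun's code): it inspects the XML declaration of a JNLP or other XML file and flags an encoding name that is overlong or malformed. The 64-byte limit, the function names and the sample inputs are assumptions chosen for illustration.

```python
import re

# Assumed limit: real charset names are short. This value is a chosen
# threshold for the example, not a figure taken from the advisory.
MAX_ENCODING_NAME = 64

# XML 1.0 EncName production: [A-Za-z] ([A-Za-z0-9._] | '-')*
ENC_NAME = re.compile(rb"[A-Za-z][A-Za-z0-9._-]*\Z")
# Encoding pseudo-attribute of the XML declaration, either quote style.
ENC_ATTR = re.compile(rb"encoding\s*=\s*(?:\"([^\"]*)\"|'([^']*)')")

# Constructed sample inputs (not captured traffic).
SAMPLE_OK = b'<?xml version="1.0" encoding="utf-8"?><jnlp/>'
SAMPLE_LONG = b'<?xml version="1.0" encoding="' + b"A" * 300 + b'"?><jnlp/>'


def xml_declaration(data: bytes):
    """Return the '<?xml ... ?>' declaration as ASCII-range bytes, or None."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):      # UTF-16 BOM
        data = data.decode("utf-16", "replace").encode("ascii", "replace")
    elif data[:3] == b"\xef\xbb\xbf":               # UTF-8 BOM
        data = data[3:]
    if not data.startswith(b"<?xml"):
        return None
    end = data.find(b"?>")
    # An unterminated declaration is still inspected rather than skipped.
    return data if end == -1 else data[:end + 2]


def check_encoding_decl(data: bytes):
    """Return a list of findings for the encoding declaration of one file."""
    decl = xml_declaration(data)
    if decl is None:
        return []
    m = ENC_ATTR.search(decl)
    if m is None:
        # 'encoding' present but no closed, quoted value follows it.
        return ["unterminated encoding value"] if b"encoding" in decl else []
    name = m.group(1) if m.group(1) is not None else m.group(2)
    findings = []
    if len(name) > MAX_ENCODING_NAME:
        findings.append(
            f"encoding name is {len(name)} bytes (limit {MAX_ENCODING_NAME})")
    if not ENC_NAME.match(name):
        findings.append("encoding name violates XML EncName syntax")
    return findings
```

Run over files before they reach a Java Web Start client (for example at a mail or web gateway), a non-empty result is a reason to quarantine the file for review.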
Affected Products
Sun JDK and JRE 6 Update 4 and earlier.
Sun JDK and JRE 5.0 Update 14 and earlier.
Impact
System Compromise: remote attackers can gain control of vulnerable systems.
Recommended Actions
Refer to the vendor's web site for a suggested workaround.
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233323-1