Intrusion Prevention

Sun.Java.Web.Start.JNLP.Buffer.Overflow

Description

This indicates an attack attempt to exploit a buffer overflow vulnerability in Sun Java Web Start. The vulnerability is caused by a bound checking error in handling XML based JNLP files.

Affected Products

Sun JDK and JRE 6 Update 6 and earlier
Sun JDK and JRE 5.0 Update 15 and earlier
Sun SDK and JRE 1.4.2_17 and earlier
Sun SDK and JRE 1.3.1_22 and earlier

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply patch, available from the web site.
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238905-1

CVE References

CVE-2008-3111