Intrusion Prevention



This indicates an attack attempt to exploit a buffer overflow vulnerability in Sun Java Web Start. The vulnerability is caused by a bound checking error in handling XML based JNLP files.

Affected Products

Sun JDK and JRE 6 Update 6 and earlier
Sun JDK and JRE 5.0 Update 15 and earlier
Sun SDK and JRE 1.4.2_17 and earlier
Sun SDK and JRE 1.3.1_22 and earlier


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply patch, available from the web site.

CVE References