Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow
Added: 10/15/2010
CVE: CVE-2010-3552
BID: 44023
Background
Oracle Java SE and Java for Business are development platforms for developing and deploying Java applications. They include the Java SE Development Kit (JDK) and the Java Runtime Environment (JRE). The JRE provides the minimum requirements for executing a Java application and consists of the Java Virtual Machine (JVM), core classes and supporting files. The most common forms of web-based Java application are the Java applet and the Java Web Start (JWS) application. One of the components of the JRE is the Java Internet Explorer (IE) Browser plugin, which allows embedding an applet or JWS application into an HTML page using the object tag or the applet tag.
Problem
The Oracle Java IE Browser Plugin is vulnerable to a stack-based buffer overflow when launching a JWS application. A remote attacker could gain system access by enticing a user to open a specially crafted web page in IE that embeds a JWS application using the launchjnlp attribute and an overly long docbase attribute.
Resolution
Apply the patches detailed in the Oracle Java SE and Java for Business Critical Patch Update Advisory for October 2010.
References
http://secunia.com/advisories/41791/
http://www.zerodayinitiative.com/advisories/ZDI-10-206/
Limitations
Exploit works on Oracle Java SE and Java for Business containing Oracle JRE 6 Update 21. The user must open the exploit in Internet Explorer 6 or 7.
Platforms
Windows
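
A defensive triage check for the condition described under Problem, added here as an example and not part of the original advisory: it flags object or applet embeds that set launchjnlp together with a long docbase, for use on proxy-captured or archived HTML. The 256-character threshold, the acceptance of both names as either tag attributes or param children, and the sample markup are assumptions made for this example.

```python
from html.parser import HTMLParser

DOCBASE_MAX = 256  # assumed triage threshold; the advisory gives no length
WATCHED = ("launchjnlp", "docbase")

class JnlpEmbedScanner(HTMLParser):
    """Flag object/applet embeds that set launchjnlp and a long docbase."""
    def __init__(self, limit=DOCBASE_MAX):
        super().__init__(convert_charrefs=True)
        self.limit, self.open_embeds, self.findings = limit, [], []

    def handle_starttag(self, tag, attrs):
        pairs = {k: (v or "") for k, v in attrs}  # names arrive lowercased
        if tag in ("object", "applet"):
            # Settings written directly as attributes of the embedding tag.
            embed = {"tag": tag, "line": self.getpos()[0]}
            embed.update((k, pairs[k]) for k in WATCHED if k in pairs)
            self.open_embeds.append(embed)
        elif tag == "param" and self.open_embeds:
            # Settings written as <param name=... value=...> children (assumed form).
            name = pairs.get("name", "").lower()
            if name in WATCHED:
                self.open_embeds[-1][name] = pairs.get("value", "")

    def handle_endtag(self, tag):
        if tag in ("object", "applet") and self.open_embeds:
            self._evaluate(self.open_embeds.pop())

    def close(self):
        super().close()
        while self.open_embeds:  # unclosed embeds are still evaluated
            self._evaluate(self.open_embeds.pop())

    def _evaluate(self, embed):
        docbase = embed.get("docbase", "")
        if "launchjnlp" in embed and len(docbase) > self.limit:
            self.findings.append({"tag": embed["tag"], "line": embed["line"],
                                  "docbase_len": len(docbase)})

def scan(html, limit=DOCBASE_MAX):
    scanner = JnlpEmbedScanner(limit)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed samples (not taken from any real page).
BENIGN = ('<object><param name="launchjnlp" value="app.jnlp">'
          '<param name="docbase" value="http://intranet.example/apps/"></object>')
SUSPECT = ('<html>\n<object>\n<param name="launchjnlp" value="app.jnlp">\n'
           '<param name="docbase" value="' + "d" * 300 + '">\n</object>\n</html>')
```

A hit is a lead for review, not proof of an exploit attempt; tune the threshold against the docbase lengths your own applications use.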