Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow

Added: 10/15/2010
CVE: CVE-2010-3552
BID: 44023

Background

Oracle Java SE and Java for Business are development platforms for developing and deploying Java applications. They include the Java SE Development Kit (JDK) and the Java Runtime Environment (JRE). The JRE provides the minimum requirements for executing a Java application and consists of the Java Virtual Machine (JVM), core classes and supporting files. The most common forms of web-based Java application are the Java applet and the Java Web Start (JWS) application. One of the components of the JRE is the Java Internet Explorer (IE) Browser plugin, which allows embedding an applet or JWS application into an HTML page using the object tag or the applet tag.

Problem

The Oracle Java IE Browser Plugin is vulnerable to a stack-based buffer overflow when launching a JWS application. A remote attacker could gain system access by enticing a user to open a specially crafted web page in IE that embeds a JWS application using the launchjnlp attribute and an overly long docbase attribute.

Resolution

Apply the patches detailed in the Oracle Java SE and Java for Business Critical Patch Update Advisory for October 2010.
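Until the patch is deployed, pages can be triaged for the condition described under Problem. The following is an added detection example, not part of the original advisory or any Oracle code: it flags object/applet embeds that set launchjnlp together with a long docbase, given either as tag attributes or as nested param elements. The 256-character threshold and the names used here are assumptions; the advisory does not state the overflow length.

```python
from html.parser import HTMLParser

# Assumption: the advisory gives no overflow length; 256 is an illustrative
# triage threshold, not a value taken from the page.
MAX_DOCBASE_LEN = 256
KEYS = ("launchjnlp", "docbase")

class JnlpEmbedScanner(HTMLParser):
    """Collects launchjnlp/docbase settings per <object>/<applet> element."""
    def __init__(self):
        super().__init__()
        self.stack = []    # settings of embed elements still open
        self.embeds = []   # settings of embed elements already closed

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag in ("object", "applet"):
            # Settings written directly as attributes on the embedding tag.
            self.stack.append({k: v for k, v in attrs.items() if k in KEYS})
        elif tag == "param" and self.stack:
            # Settings written as nested <param name=... value=...> children.
            name = attrs.get("name", "").lower()
            if name in KEYS:
                self.stack[-1][name] = attrs.get("value", "")

    def handle_endtag(self, tag):
        if tag in ("object", "applet") and self.stack:
            self.embeds.append(self.stack.pop())

def find_suspicious_embeds(html, max_len=MAX_DOCBASE_LEN):
    """Return the docbase length of each JWS embed whose docbase exceeds max_len."""
    scanner = JnlpEmbedScanner()
    scanner.feed(html)
    scanner.close()
    # Elements never closed still count; malformed markup is common.
    embeds = scanner.embeds + scanner.stack
    return [len(e["docbase"]) for e in embeds
            if "launchjnlp" in e and len(e.get("docbase", "")) > max_len]

# Constructed sample pages (not captured traffic).
BENIGN = ('<object><param name="launchjnlp" value="app.jnlp">'
          '<param name="docbase" value="http://example.com/apps/"></object>')
OVERLONG = ('<object><param name="launchjnlp" value="app.jnlp">'
            '<param name="docbase" value="' + "A" * 1024 + '"></object>')

if __name__ == "__main__":
    print(find_suspicious_embeds(BENIGN), find_suspicious_embeds(OVERLONG))
```

A hit is a triage signal for proxy or mail-gateway content inspection, not proof of exploitation; tune the threshold against the docbase values legitimate pages in your environment actually use.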

References

http://secunia.com/advisories/41791/
http://www.zerodayinitiative.com/advisories/ZDI-10-206/

Limitations

Exploit works on Oracle Java SE and Java for Business containing Oracle JRE 6 Update 21.

The user must open the exploit in Internet Explorer 6 or 7.

Platforms

Windows
