Java Runtime Environment JAR manifest Main Class buffer overflow

Added: 02/26/2009
CVE: CVE-2008-5354
BID: 32608
OSVDB: 50499

Background

Java Runtime Environment (JRE) allows end users to run Java applications.

Problem

A buffer overflow vulnerability in JRE allows command execution when a user opens a JAR archive containing a manifest file with a specially crafted Main Class entry.

Resolution

Apply the patch referenced in Sun document 244990.

References

http://www.us-cert.gov/cas/techalerts/TA08-340A.html

Limitations

Exploit works on Java Runtime Environment 1.6 Update 10 and requires a user to open the exploit file.

Execution of this exploit requires the Digest::CRC PERL module. On Linux systems this is typically found in a package named such as libdigest-crc-perl or perl-Digest-CRC.

Platforms

Windows 2000
Windows XP

Back to exploit index