Sun Java Web Start JNLP file j2se element heap-size buffer overflow

Added: 07/23/2008
CVE: CVE-2008-3111
BID: 30148
OSVDB: 46959


Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment (JRE).


A buffer overflow vulnerability in Sun Java Web Start allows command execution when the user opens a JNLP file containing a j2se element with a long, specially crafted initial-heap-size or max-heap-size parameter.


Upgrade to JDK and JRE 6 Update 7 or later, JDK and JRE 5.0 Update 16 or later, or SDK and JRE 1.4.2_18 or later.



Exploit works on Sun Java Runtime Environment (JRE) 6 Update 3 and requires a user to load the exploit file.

This exploit may not work on unpatched versions of Windows XP SP2.


Windows 2000
Windows XP
Red Hat Enterprise Linux 4

Back to exploit index