Java Runtime Environment HsbParser.getSoundBank Stack Buffer Overflow
Added: 11/06/2009CVE: CVE-2009-3867
BID: 36881
OSVDB: 59711
Background
The Java Runtime Environment (JRE) is part of the Java Development Kit (JDK), a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java Virtual Machine (JVM), core classes, and supporting files.Problem
A stack buffer overflow vulnerability in the way the JRE getSoundbank() function parses long file:// URL arguments allows remote attackers to execute arbitrary commands.Resolution
Apply one of the solutions shown in Sun Microsystems' response.References
http://www.zerodayinitiative.com/advisories/ZDI-09-076/Limitations
Exploit works on Sun Microsystems Java Runtime Environment 6 and requires the user to open the exploit page in Mozilla Firefox 2.0.X.Platforms
WindowsBack to exploit index