SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#223028

Sun Java WebStart stack buffer overflow

Overview

Sun Java WebStart contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

Sun Java WebStart is a technology for launching stand-alone Java applications. On Microsoft Windows systems, Java WebStart is provided by the program javaws.exe, which is included with the Sun Java Runtime Environment (JRE). Java WebStart operates by processing a JNLP file, which is an XML document that contains information about the Java application to execute. The Sun JRE installer configures Internet Explorer and Netscape Navigator to automatically open JNLP files without any user interaction.

Java WebStart contains a stack buffer overflow in the handling of JNLP files. This vulnerability can be exploited to execute arbitrary code as the result of opening a specially-crafted JNLP file, which can occur as the result of viewing a malicious web site. We have received reports that this vulnerability is being actively exploited.

II. Impact

By convincing a user to open a specially-crafted JNLP file, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. This may occur as the result of viewing a specially-crafted web page.

III. Solution

Apply an update

This issue is addressed in the following Java versions:

  • JDK and JRE 6 Update 5
  • JDK and JRE 5.0 Update 15
  • SDK and JRE 1.4.2_17
Please see Sun Alert 233327 for more details and additional workarounds.

Delete the Windows file association for JNLP files
The file association for JNLP files on windows systems can be removed by deleting the following registry keys:
    HKLM\Software\Classes\.jnlp
    HKLM\Software\Classes\MIME\Database\Content Type\application/x-java-jnlp-file
    HKLM\Software\Classes\JNLPfile
Disable the Java WebStart ActiveX control in Internet Explorer
The Java WebStart ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID:
    {5852F5ED-8BF4-11D4-A245-0080C6F74284}
More information about how to set the kill bit is available in Microsoft Support Document 240797. Alternatively, the following text can be saved as a .REG file and imported to set the kill bit for this control:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5852F5ED-8BF4-11D4-A245-0080C6F74284}]
    "Compatibility Flags"=dword:00000400

Systems Affected
VendorStatusDate Updated
Sun Microsystems, Inc.Vulnerable6-Mar-2008

References


http://sunsolve.sun.com/search/document.do?assetkey=1-66-233327-1
http://java.sun.com/products/javawebstart/
http://support.microsoft.com/kb/240797

Credit

This document was written by Will Dormann.

Other Information

Date Public03/06/2008
Date First Published03/06/2008 08:18:25 AM
Date Last Updated03/07/2008
CERT Advisory 
CVE NameCVE-2008-1196
US-CERT Technical Alerts 
Metric27.70
Document Revision25

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader