CVE-2007-3655 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-3655
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-3655

Description: Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/35320 SUSE http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1 ST 1018346 SREASON http://securityreason.com/securityalert/2874 SAID Secunia Advisory: SA30780 Secunia Advisory: SA29858 Secunia Advisory: SA28115 Secunia Advisory: SA27266 Secunia Advisory: SA25981 Secunia Advisory: SA26314 Secunia Advisory: SA26369 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0818.html http://www.redhat.com/support/errata/RHSA-2007-0829.html MISC http://research.eeye.com/html/advisories/published/AD20070705.html http://docs.info.apple.com/article.html?artnum=307177 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml http://security.gentoo.org/glsa/glsa-200804-28.xml FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064552.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/473356/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/473224/100/0/threaded BID 24832 APPLE http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

Return to the previous page.