Zero Day Initiative Advisory 09-050 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the code that handles loading a custom JPEG splash screen for a WebStart application. While handling certain parts of the splash screen, javaws.exe makes an improper calculation which is later used for an allocation. Later during decompression, Java Web Start will write data into this mis-allocated buffer resulting in a heap-based buffer overflow and eventual code execution under the context of the current user.
ca7d543314563c01cb76f03850630e04c3f3bbe875fb0a9b6887812d3e2a5e75
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed