Description: A vulnerability has been reported in Sun Java Web Start, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the Java Web Start component (javaws.exe) when processing JNLP files. This can be exploited to cause a stack-based buffer overflow via a specially crafted JNLP file with an overly long codebase attribute.
Successful exploitation allows execution of arbitrary code e.g. when a user visits a malicious website.
The vulnerability is reported in the following versions:
* JRE and JDK 6 Update 1 and earlier
* JRE and JDK 5 Update 11, and earlier
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
