| Last Updated Date | Sep 15, 2009 |
| Release Date | Sep 05, 2008 |
| Severity | Critical |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attack attempt to exploit a buffer overflow vulnerability in Sun Java Web Start. The vulnerability is caused by a bound checking error in handling XML based JNLP files. |
| Affected Products | Sun JDK and JRE 6 Update 6 and earlier
Sun JDK and JRE 5.0 Update 15 and earlier
Sun SDK and JRE 1.4.2_17 and earlier
Sun SDK and JRE 1.3.1_22 and earlier |
| Recommended Actions | Apply patch, available from the web site.
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238905-1 |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-3111
|
| Reference/s | http://www.securityfocus.com/bid/30148 (BugTraq)
http://www.vupen.com/english/advisories/2008/2056 (FrSIRT)
|