Sun Java Web Start JPEG Header Parsing Integer Overflow Vulnerability
ZDI-09-050: August 5th, 2009Affected Vendors
Affected Products
-
Java Runtime
Vulnerability Details
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaw exists within the code that handles loading a custom JPEG splash screen for a WebStart application. While handling certain parts of the splash screen, javaws.exe makes an improper calculation which is later used for an allocation. Later during decompression, Java Web Start will write data into this mis-allocated buffer resulting in a heap-based buffer overflow and eventual code execution under the context of the current user.
Vendor Response
Sun Microsystems has issued an update to correct this vulnerability. More details can be found at:Disclosure Timeline
-
2009-03-26 - Vulnerability reported to vendor
2009-08-05 - Coordinated public release of advisory
Credit
This vulnerability was discovered by:-
Anonymous
