Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sun Java运行时环境WebStart JNLP文件处理栈溢出漏洞
Vulnerability Description
Java WebStart是用于简化在客户端部署Java应用程序的技术。 Java WebStart在处理畸形格式的JNLP文档时存在漏洞,攻击者可能利用此漏洞通过诱使用户打开处理恶意文件控制用户系统。 Java WebStart中的javaws.exe负责从JNLP文件中获得下载指令。JNLP文件中的jnlp单元包含有codebase属性,在之后的操作中通过sprintf将该属性拷贝到了1K的缓冲区,但拷贝时还附加了到用户临时目录的路径。由于在sprintf之前没有验证长度,因此可以通过恶意codeba
CVSS Information
N/A
Vulnerability Type
N/A