| VID |
28205 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Windows host has a version of Sun Java JRE that is vulnerable to a buffer overflow vulnerability via the JNLP file. Sun Java JDK and JRE 5.0 Update 11 and 6.0 Update 1 and earlier versions could allow a remote attacker to execute arbitrary code on the affected host, caused by a stack-based buffer overflow vulnerability in the Java Web Start component (javaws.exe). By persuading a target user to load a specially-crafted JNLP file with an overly long codebase attribute, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the user. In addition, Sun JDK and JRE versions 6 prior to Update 2 could also allow a remote attacker to execute arbitrary code via a crafted XSLT stylesheet.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102993-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1
http://research.eeye.com/html/advisories/published/AD20070705.html
http://www.isecpartners.com/advisories/2007-04-dsig.txt
http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf
http://www.securityfocus.com/archive/1/473552/30/0/threaded
http://www.securityfocus.com/archive/1/473224/30/0/threaded
http://www.securityfocus.com/archive/1/473356/30/0/threaded
http://www.frsirt.com/english/advisories/2007/2477
http://www.frsirt.com/english/advisories/2007/2492
http://securitytracker.com/alerts/2007/Jul/1018346.html
http://secunia.com/advisories/25981
http://secunia.com/advisories/26031
* Platforms Affected:
Sun Microsystems, Sun Java 2 Platform (J2SE) 5 Update 11 and earlier
Sun Microsystems, Sun Java 2 Platform (J2SE) 6 Update 1 and earlier
Sun Microsystems, Solaris 7, 8, 9
Microsoft Windows Any version |
| Recommendation |
Update to Sun Java JDK and JRE 5.0 Update 12 or later, or JDK and JRE 6 Update 2 or later, available from the following Sun Microsystems, Inc. Web sites:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1
http://java.sun.com/javase/downloads/index_jdk5.jsp
http://java.sun.com/javase/downloads/index.jsp
-- AND --
When upgrading a Java installation on a computer, all previous versions should be uninstalled to prevent them being accessed to run a malicious applet that may exploit latent vulnerabilities that may exist in those other previous versions.
It is also possible to workaround this issue by disabling Java support in the Web browser or any other applications that provide an environment for execution Java applets. |
| Related URL |
CVE-2007-3655,CVE-2007-3716 (CVE) |
| Related URL |
24832,24850 (SecurityFocus) |
| Related URL |
35320 (ISS) |
|
