Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2007-3655

Published: 10/07/2007 Updated: 30/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 690
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Sun

Vulnerability Summary

Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and previous versions, and 6.0 Update 1 and previous versions, allows remote malicious users to execute arbitrary code via a long codebase attribute in a JNLP file.

Vulnerable Product Search on Vulmon Subscribe to Product

sun jre 1.5.0

sun jre 1.6.0

Exploits

Exploit DB: Sun Java WebStart - JNLP Stack Buffer Overflow (PoC)
'----------------------------------------------------------------------------------------------- ' Java Web Start Buffer Overflow POC Exploit ' ' FileName: JavaWebStartPOCVBS ' Contact: ZhenHanLiu#ph4nt0morg ' Date: 2007-07-10 ' Team: wwwph4nt0morg ' Enviroment: Tested on JRE 16, javawsexe v60106 ' Reference: seclistsorg/fu ...
Exploit DB: Sun Java Runtime Environment 1.6 - Web Start '.JNLP' File Stack Buffer Overflow
source: wwwsecurityfocuscom/bid/24832/info Sun Java Runtime Environment is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized memory buffer An attacker can exploit this issue to execute arbitrary code with the privileges of the ...

References

CWE-119http://www.securityfocus.com/bid/24832http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064552.htmlhttp://research.eeye.com/html/advisories/published/AD20070705.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0818.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0829.htmlhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1http://www.novell.com/linux/security/advisories/2007_56_ibmjava.htmlhttp://www.securitytracker.com/id?1018346http://secunia.com/advisories/25981http://secunia.com/advisories/26314http://secunia.com/advisories/26369http://secunia.com/advisories/27266http://securityreason.com/securityalert/2874http://docs.info.apple.com/article.html?artnum=307177http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.htmlhttp://secunia.com/advisories/28115http://www.gentoo.org/security/en/glsa/glsa-200804-20.xmlhttp://secunia.com/advisories/29858http://security.gentoo.org/glsa/glsa-200804-28.xmlhttp://secunia.com/advisories/30780http://www.gentoo.org/security/en/glsa/glsa-200806-11.xmlhttp://www.vupen.com/english/advisories/2007/4224http://www.vupen.com/english/advisories/2007/2477http://osvdb.org/37756http://www.exploit-db.com/exploits/30284https://exchange.xforce.ibmcloud.com/vulnerabilities/35320https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11367http://www.securityfocus.com/archive/1/473356/100/0/threadedhttp://www.securityfocus.com/archive/1/473224/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/4168/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook