VULHUB ™

iDefense Security Advisory 12.02.08 - Remote exploitation of a memory corruption vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with the privileges of the current user. When JWS starts up, it displays a splash screen. By default, the image displayed on this splash screen is a GIF file provided by Sun, but it is possible for an attacker to pass an arbitrary GIF file to the splash logo parsing code. The vulnerability occurs when parsing this GIF file. The parsing code does not correctly validate several values in the GIF header. This lets an attacker write data outside of the bounds of an allocated heap buffer, which can lead to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Java Web Start version 1.6_10 and 1.6_07 on Windows and Linux. Previous versions may also be affected.

iDefense Security Advisory 12.02.08 - Remote exploitation of a memory corruption vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with the privileges of the current user. When JWS starts up, it displays a splash screen. By default, the image displayed on this splash screen is a GIF file provided by Sun, but it is possible for an attacker to pass an arbitrary GIF file to the splash logo parsing code. The vulnerability occurs when parsing this GIF file. The parsing code does not correctly validate several values in the GIF header. This lets an attacker write data outside of the bounds of an allocated heap buffer, which can lead to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Java Web Start version 1.6_10 and 1.6_07 on Windows and Linux. Previous versions may also be affected.