Signature Detail
Short Name |
HTTP:STC:ACTIVEX:JRE-DNSRESOLVE |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Sun JRE isInstalled.dnsResolve Function Memory Exception |
Release Date |
2010/10/15 |
Update Number |
1794 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Sun JRE isInstalled.dnsResolve Function Memory Exception
This signature detects attempts to exploit a known design weakness vulnerability in the way Sun Java Web Start ActiveX control handles user supplied data. Specifically, it is due to improper validation of user supplied data in the isInstalled.dnsResolve ActiveX control method. A remote attacker can exploit this by enticing the target user to open a malicious Web page, which if successful, causes the browser to terminate abnormally and create a denial-of service condition.
Extended Description
Sun Java Web Start ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions. The version of Sun Java Web Start included with Sun JRE 1.6.0 is vulnerable to this issue; other versions may also be affected.
Affected Products
- Sun Java Web Start
- Sun JRE (Linux Production Release) 1.6.0
- Sun JRE (Linux Production Release) 1.6.0 10
References
- BugTraq: 25734
- CVE: CVE-2007-5019