Juniper Networks

Signature Detail


Short Name: HTTP:STC:JAVA:DOCBASE-BOF
Severity: High
Recommended: No
Recommended Action: Drop
Category: HTTP
Keywords: Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow
Release Date: 2010/12/07
Update Number: 1827
Supported Platforms: idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow


This signature detects attempts to exploit a known code execution vulnerability in Oracle Java. The vulnerability is in the Java plug-in handler for Internet Explorer, JP2IEXP.dll. While parsing the docbase parameter, the handler copies the value into a fixed-length buffer on the stack without validation, which can lead to a stack buffer overflow. An attacker can exploit this by enticing a user to visit a specially crafted website, which can lead to arbitrary code execution in the context of the affected application.

Extended Description

Oracle Java SE and Java for Business are prone to a remote vulnerability in the Java plug-in for Internet Explorer. An attacker can exploit this vulnerability by using a malicious webpage. Due to a buffer overflow, it is possible for an attacker to execute arbitrary code in the context of the currently logged-in user. This vulnerability affects version 6 Update 21.

Affected Products

  • Avaya Aura Conferencing 6.0 Standard
  • Avaya Proactive Contact 3.0
  • Avaya Proactive Contact 3.0.2
  • Avaya Proactive Contact 3.0.3
  • Gentoo Linux
  • HP HP-UX B.11.11
  • HP HP-UX B.11.23
  • HP HP-UX B.11.31
  • Red Hat Enterprise Linux Desktop Supplementary 5 Client
  • Red Hat Enterprise Linux Extras 4
  • Red Hat Enterprise Linux Extras 4.8.Z
  • Red Hat Enterprise Linux Supplementary 5 Server
  • Sun JDK (Linux Production Release) 1.6.0
  • Sun JDK (Linux Production Release) 1.6.0 01
  • Sun JDK (Linux Production Release) 1.6.0 01-B06
  • Sun JDK (Linux Production Release) 1.6.0 02
  • Sun JDK (Linux Production Release) 1.6.0 03
  • Sun JDK (Linux Production Release) 1.6.0 04
  • Sun JDK (Linux Production Release) 1.6.0 05
  • Sun JDK (Linux Production Release) 1.6.0 06
  • Sun JDK (Linux Production Release) 1.6.0 07
  • Sun JDK (Linux Production Release) 1.6.0 10
  • Sun JDK (Linux Production Release) 1.6.0 11
  • Sun JDK (Linux Production Release) 1.6.0 13
  • Sun JDK (Linux Production Release) 1.6.0 14
  • Sun JDK (Linux Production Release) 1.6.0 15
  • Sun JDK (Linux Production Release) 1.6.0 17
  • Sun JDK (Linux Production Release) 1.6.0 18
  • Sun JDK (Linux Production Release) 1.6.0 19
  • Sun JDK (Linux Production Release) 1.6.0 20
  • Sun JDK (Linux Production Release) 1.6.0_21
  • Sun JDK (Solaris Production Release) 1.6.0
  • Sun JDK (Solaris Production Release) 1.6.0 01
  • Sun JDK (Solaris Production Release) 1.6.0 01-B06
  • Sun JDK (Solaris Production Release) 1.6.0 02
  • Sun JDK (Solaris Production Release) 1.6.0 03
  • Sun JDK (Solaris Production Release) 1.6.0 04
  • Sun JDK (Solaris Production Release) 1.6.0 05
  • Sun JDK (Solaris Production Release) 1.6.0 06
  • Sun JDK (Solaris Production Release) 1.6.0 07
  • Sun JDK (Solaris Production Release) 1.6.0 10
  • Sun JDK (Solaris Production Release) 1.6.0 11
  • Sun JDK (Solaris Production Release) 1.6.0 13
  • Sun JDK (Solaris Production Release) 1.6.0 14
  • Sun JDK (Solaris Production Release) 1.6.0 15
  • Sun JDK (Solaris Production Release) 1.6.0 17
  • Sun JDK (Solaris Production Release) 1.6.0 18
  • Sun JDK (Solaris Production Release) 1.6.0 19
  • Sun JDK (Solaris Production Release) 1.6.0 20
  • Sun JDK (Solaris Production Release) 1.6.0_21
  • Sun JDK (Windows Production Release) 1.6.0
  • Sun JDK (Windows Production Release) 1.6.0 01
  • Sun JDK (Windows Production Release) 1.6.0 01-B06
  • Sun JDK (Windows Production Release) 1.6.0 02
  • Sun JDK (Windows Production Release) 1.6.0 03
  • Sun JDK (Windows Production Release) 1.6.0 04
  • Sun JDK (Windows Production Release) 1.6.0 05
  • Sun JDK (Windows Production Release) 1.6.0 06
  • Sun JDK (Windows Production Release) 1.6.0 07
  • Sun JDK (Windows Production Release) 1.6.0 10
  • Sun JDK (Windows Production Release) 1.6.0 11
  • Sun JDK (Windows Production Release) 1.6.0 13
  • Sun JDK (Windows Production Release) 1.6.0 14
  • Sun JDK (Windows Production Release) 1.6.0 15
  • Sun JDK (Windows Production Release) 1.6.0 17
  • Sun JDK (Windows Production Release) 1.6.0 18
  • Sun JDK (Windows Production Release) 1.6.0 19
  • Sun JDK (Windows Production Release) 1.6.0 20
  • Sun JDK (Windows Production Release) 1.6.0_21
  • Sun JRE (Linux Production Release) 1.6.0
  • Sun JRE (Linux Production Release) 1.6.0 01
  • Sun JRE (Linux Production Release) 1.6.0 02
  • Sun JRE (Linux Production Release) 1.6.0 03
  • Sun JRE (Linux Production Release) 1.6.0 04
  • Sun JRE (Linux Production Release) 1.6.0 05
  • Sun JRE (Linux Production Release) 1.6.0 06
  • Sun JRE (Linux Production Release) 1.6.0 07
  • Sun JRE (Linux Production Release) 1.6.0 10
  • Sun JRE (Linux Production Release) 1.6.0 11
  • Sun JRE (Linux Production Release) 1.6.0 12
  • Sun JRE (Linux Production Release) 1.6.0 13
  • Sun JRE (Linux Production Release) 1.6.0 14
  • Sun JRE (Linux Production Release) 1.6.0 15
  • Sun JRE (Linux Production Release) 1.6.0 17
  • Sun JRE (Linux Production Release) 1.6.0 18
  • Sun JRE (Linux Production Release) 1.6.0 19
  • Sun JRE (Linux Production Release) 1.6.0 20
  • Sun JRE (Linux Production Release) 1.6.0_21
  • Sun JRE (Solaris Production Release) 1.6.0
  • Sun JRE (Solaris Production Release) 1.6.0 01
  • Sun JRE (Solaris Production Release) 1.6.0 02
  • Sun JRE (Solaris Production Release) 1.6.0 03
  • Sun JRE (Solaris Production Release) 1.6.0 04
  • Sun JRE (Solaris Production Release) 1.6.0 05
  • Sun JRE (Solaris Production Release) 1.6.0 06
  • Sun JRE (Solaris Production Release) 1.6.0 07
  • Sun JRE (Solaris Production Release) 1.6.0 10
  • Sun JRE (Solaris Production Release) 1.6.0 11
  • Sun JRE (Solaris Production Release) 1.6.0 12
  • Sun JRE (Solaris Production Release) 1.6.0 13
  • Sun JRE (Solaris Production Release) 1.6.0 14
  • Sun JRE (Solaris Production Release) 1.6.0 15
  • Sun JRE (Solaris Production Release) 1.6.0 17
  • Sun JRE (Solaris Production Release) 1.6.0 18
  • Sun JRE (Solaris Production Release) 1.6.0 19
  • Sun JRE (Solaris Production Release) 1.6.0 2
  • Sun JRE (Solaris Production Release) 1.6.0_21
  • Sun JRE (Windows Production Release) 1.6.0
  • Sun JRE (Windows Production Release) 1.6.0 01
  • Sun JRE (Windows Production Release) 1.6.0 02
  • Sun JRE (Windows Production Release) 1.6.0 03
  • Sun JRE (Windows Production Release) 1.6.0 04
  • Sun JRE (Windows Production Release) 1.6.0 05
  • Sun JRE (Windows Production Release) 1.6.0 06
  • Sun JRE (Windows Production Release) 1.6.0 07
  • Sun JRE (Windows Production Release) 1.6.0 10
  • Sun JRE (Windows Production Release) 1.6.0 11
  • Sun JRE (Windows Production Release) 1.6.0 12
  • Sun JRE (Windows Production Release) 1.6.0 13
  • Sun JRE (Windows Production Release) 1.6.0 14
  • Sun JRE (Windows Production Release) 1.6.0 15
  • Sun JRE (Windows Production Release) 1.6.0 17
  • Sun JRE (Windows Production Release) 1.6.0 18
  • Sun JRE (Windows Production Release) 1.6.0 19
  • Sun JRE (Windows Production Release) 1.6.0 2
  • Sun JRE (Windows Production Release) 1.6.0 20
  • Sun JRE (Windows Production Release) 1.6.0_21
  • SuSE openSUSE 11.1
  • SuSE openSUSE 11.2
  • SuSE openSUSE 11.3
  • SuSE SUSE Linux Enterprise 11
  • SuSE SUSE Linux Enterprise 11 SP1
  • VMWare ESX 4.1
  • VMWare ESX 4.1 Update 1
  • VMWare vCenter 4.1
  • VMWare vCenter 4.1 Update 1

References

  • BugTraq: 44023
  • CVE: CVE-2010-3552

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.