Sun Java Web Start JNLP File Handling Overflow (102996)

Medium Nessus Plugin ID 25693


The remote Windows host has an application that may be prone to a buffer overflow attack.


There is reportedly a buffer overflow in the Java Web Start utility distributed with the version of Sun Java Runtime Environment (JRE) installed on the remote host. If an attacker can convince a user on the affected host to open a specially crafted JNLP file, arbitrary code could be executed subject to the user's privileges.


Upgrade to Sun Java JDK and JRE 6 Update 2 / JDK and JRE 5.0 Update 12 or later and remove, if necessary, any affected versions.

Plugin Details

Severity: Medium

ID: 25693

File Name: sun_java_webstart_jnlp_overflow.nasl

Version: $Revision: 1.27 $

Type: local

Agent: windows

Family: Windows

Published: 2007/07/10

Modified: 2017/05/01

Dependencies: 33545

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C


CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:oracle:jre

Required KB Items: SMB/Java/JRE/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/07/09

Vulnerability Publication Date: 2007/07/10

Exploitable With

Core Impact

Reference Information

CVE: CVE-2007-3655

BID: 24832

OSVDB: 37756

EDB-ID: 30284

CWE: 119