Sun Java JRE jpiexp32.dll NULL Pointer Remote DoS
Medium Nessus Plugin ID 30148
SynopsisThe remote Windows host has an application that is prone to a denial of service attack.
DescriptionAccording to its version number, the Sun Java Runtime Environment (JRE) installed on the remote host reportedly contains an issue in 'jpiexp32.dll' that can lead to a NULL pointer exception when an HTML object references a Java applet but does not define the 'name' attribute. If a remote attacker can trick a user on the affected host into visiting a specially crafted web page, this issue could be leveraged to cause the JRE and Internet Explorer to crash.
SolutionUpgrade to Sun Java 2 JDK and JRE 5.0 update 14 or later.