vendor:
by:
ZhenHan.Liu
N/A
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name:
Affected Version From: JRE 1.6
Affected Version To: JRE 1.6
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Tested on JRE 1.6, javaws.exe v6.0.10.6
2007
Java Web Start Buffer Overflow POC Exploit
This is a proof-of-concept exploit for a buffer overflow vulnerability in Java Web Start. The exploit takes advantage of a vulnerability in the javaws.exe file, specifically in the sub_406208 subroutine. It pushes various values onto the stack and calls the sub_40544D function multiple times. The exploit is designed to execute a shellcode, but a dummy shellcode is provided in the code and needs to be replaced with a real one.
Mitigation:
To mitigate this vulnerability, it is recommended to update to the latest version of JRE and javaws.exe. Additionally, input validation and bounds checking should be implemented to prevent buffer overflows.