vendor: Java Runtime Environment
by: SecurityFocus
CVSS: 9.3 (HIGH)
Heap-Based Buffer Overflow
CWE: 119
Product Name: Java Runtime Environment
Affected Version From: JDK and JRE 6 prior to Update 5, JDK and JRE 5.0 prior to Update 15, SDK and JRE prior to 1.4.2_17, SDK and JRE prior to 1.3.1_22
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Sun Java Runtime Environment Heap-Based Buffer Overflow Vulnerability

Sun Java Runtime Environment is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application.

Mitigation:

Users should upgrade to the latest version of Sun Java Runtime Environment.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/28125/info

This issue affects the following products and versions:

JDK and JRE 6 prior to Update 5
JDK and JRE 5.0 prior to Update 15
SDK and JRE prior to 1.4.2_17
SDK and JRE prior to 1.3.1_22

This vulnerability was previously covered in BID 28083 (Sun Java SE Multiple Security Vulnerabilities), but has been given its own record to better document the issue. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/31343.jpg