Java Runtime Environment HsbParser.getSoundBank Stack Buffer Overflow

Added: 11/06/2009
CVE: CVE-2009-3867
BID: 36881
OSVDB: 59711

Background

The Java Runtime Environment (JRE) is part of the Java Development Kit (JDK), a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java Virtual Machine (JVM), core classes, and supporting files.

Problem

A stack buffer overflow vulnerability in the way the JRE getSoundbank() function parses long file:// URL arguments allows remote attackers to execute arbitrary commands.

Resolution

Apply one of the solutions shown in Sun Microsystems' response.

References

http://www.zerodayinitiative.com/advisories/ZDI-09-076/

Limitations

Exploit works on Sun Microsystems Java Runtime Environment 6 and requires the user to open the exploit page in Mozilla Firefox 2.0.X.

Platforms

Windows

Back to exploit index