Sun Java Runtime Environment Web Start JNLP File Stack Buffer Overflow Vulnerability

Bugtraq ID:	24832
Class:	Boundary Condition Error
CVE:	CVE-2007-3655
Remote:	Yes
Local:	No
Published:	Jul 09 2007 12:00AM
Updated:	Jun 26 2008 12:21AM
Credit:	Daniel Soeder working with eEye Digital Security and Brett Moore of Security-Assessment.com are credited with the discovery of this vulnerability.
Vulnerable:	Sun Java 2 Runtime Environment 6.0 Update 1 Sun Java 2 Runtime Environment 5.0.Update 9 Sun Java 2 Runtime Environment 5.0.Update 10 Sun Java 2 Runtime Environment 5.0 Update 8 Sun Java 2 Runtime Environment 5.0 Update 7 Sun Java 2 Runtime Environment 5.0 Update 6 Sun Java 2 Runtime Environment 5.0 Update 5 Sun Java 2 Runtime Environment 5.0 Update 4 Sun Java 2 Runtime Environment 5.0 Update 3 Sun Java 2 Runtime Environment 5.0 Update 2 Sun Java 2 Runtime Environment 5.0 Update 11 Sun Java 2 Runtime Environment 5.0 Update 1 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SUSE Linux Enterprise Server 10 SP1 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. SLE SDK 10.SP1 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 8 RedHat Enterprise Linux Supplementary 5 server RedHat Enterprise Linux Extras 4 RedHat Enterprise Linux Desktop Supplementary 5 client Gentoo Linux Gentoo dev-java/ibm-jre-bin 1.5 6 Gentoo dev-java/ibm-jre-bin 1.4.2 10 Gentoo dev-java/ibm-jdk-bin 1.5 6 Gentoo dev-java/ibm-jdk-bin 1.4.2 10 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10

Not Vulnerable:	Sun Java 2 Runtime Environment 6.0 Update 2 Sun Java 2 Runtime Environment 5.0.Update 12 Gentoo dev-java/ibm-jre-bin 1.5 7 Gentoo dev-java/ibm-jre-bin 1.4.2 11 Gentoo dev-java/ibm-jdk-bin 1.5 7 Gentoo dev-java/ibm-jdk-bin 1.4.2 11