Web Attack: Java Plugin LaunchJNLP DocBase CVE-2010-3552

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote buffer overflow vulnerability in the Java Plug-in for Internet Explorer.

Additional Information

Oracle Java SE and Java for Business are prone to a remote vulnerability in the Java plug-in for Internet Explorer.

An attacker can exploit the vulnerability by using a malicious Web page. The vulnerability occurs when the 'docbase' parameter is parsed from an applet. The parameter is copied into a fixed-length buffer on the application's stack. If the parameter exceeds the length allocated to the buffer, a buffer overflow can occur, allowing the attacker to corrupt adjacent locations in memory. Due to the buffer overflow, it is possible for an attacker to execute arbitrary code in the context of the currently logged-in user.
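The class of flaw described above, as an added C illustration (not the plug-in's actual code and not part of the original advisory): an unbounded copy of the parameter into a fixed stack buffer, next to a length-checked form that rejects oversized values. The function names and the 256-byte buffer size are hypothetical; the advisory does not state the real length.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical size: the advisory does not state the real buffer length. */
#define DOCBASE_BUF_LEN 256

/* The flawed pattern the advisory describes, shown for contrast only:
 * an unbounded copy into a fixed-size stack buffer. Not called here. */
void store_docbase_unchecked(const char *docbase)
{
    char buf[DOCBASE_BUF_LEN];
    strcpy(buf, docbase);            /* overflows when input >= 256 bytes */
    printf("docbase=%s\n", buf);
}

/* Hardened form: 0 on success, -1 if the value is missing or does not fit. */
int store_docbase_checked(const char *docbase, char *out, size_t out_len)
{
    const char *nul;
    if (docbase == NULL || out == NULL || out_len == 0)
        return -1;
    nul = memchr(docbase, '\0', out_len);   /* scan at most out_len bytes */
    if (nul == NULL)
        return -1;                   /* reject; never truncate a URL base */
    memcpy(out, docbase, (size_t)(nul - docbase) + 1);
    return 0;
}

/* Builds a constructed docbase value of `len` characters and runs the check. */
int check_docbase_of_length(size_t len)
{
    char out[DOCBASE_BUF_LEN];
    char *value = malloc(len + 1);
    int rc;
    if (value == NULL)
        return -1;
    memset(value, 'a', len);
    value[len] = '\0';
    rc = store_docbase_checked(value, out, sizeof out);
    if (rc == 0 && strcmp(out, value) != 0)
        rc = -2;                     /* copy must be exact when accepted */
    free(value);
    return rc;
}

int main(void)
{
    printf("255 chars -> %d\n", check_docbase_of_length(255));
    printf("256 chars -> %d\n", check_docbase_of_length(256));
    return 0;
}
```

The checked version rejects an oversized value instead of truncating it, since a silently shortened document base would resolve to a different location than the page specified.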

This vulnerability affects the following supported versions:
6 Update 21

Affected

  • Sun JRE (Windows Production Release) 1.6 _17
  • Sun JRE (Windows Production Release) 1.6 _13
  • Sun JRE (Windows Production Release) 1.6 _12
  • Sun JRE (Windows Production Release) 1.6 _10
  • Sun JRE (Windows Production Release) 1.6 _07
  • Sun JRE (Windows Production Release) 1.6 _06
  • Sun JRE (Windows Production Release) 1.6 _05
  • Sun JRE (Windows Production Release) 1.6 _04
  • Sun JRE (Windows Production Release) 1.6
  • Sun JRE (Windows Production Release) 1.6.0_21
  • Sun JRE (Windows Production Release) 1.6.0_20
  • Sun JRE (Windows Production Release) 1.6.0_2
  • Sun JRE (Windows Production Release) 1.6.0_19
  • Sun JRE (Windows Production Release) 1.6.0_18
  • Sun JRE (Windows Production Release) 1.6.0_15
  • Sun JRE (Windows Production Release) 1.6.0_14
  • Sun JRE (Windows Production Release) 1.6.0_11
  • Sun JRE (Windows Production Release) 1.6.0_03
  • Sun JRE (Windows Production Release) 1.6.0_02
  • Sun JRE (Windows Production Release) 1.6.0_01
  • Sun JRE (Solaris Production Release) 1.6 _17
  • Sun JRE (Solaris Production Release) 1.6 _13
  • Sun JRE (Solaris Production Release) 1.6 _12
  • Sun JRE (Solaris Production Release) 1.6 _10
  • Sun JRE (Solaris Production Release) 1.6 _07
  • Sun JRE (Solaris Production Release) 1.6 _06
  • Sun JRE (Solaris Production Release) 1.6 _05
  • Sun JRE (Solaris Production Release) 1.6 _04
  • Sun JRE (Solaris Production Release) 1.6
  • Sun JRE (Solaris Production Release) 1.6.0_21
  • Sun JRE (Solaris Production Release) 1.6.0_2
  • Sun JRE (Solaris Production Release) 1.6.0_19
  • Sun JRE (Solaris Production Release) 1.6.0_18
  • Sun JRE (Solaris Production Release) 1.6.0_15
  • Sun JRE (Solaris Production Release) 1.6.0_14
  • Sun JRE (Solaris Production Release) 1.6.0_11
  • Sun JRE (Solaris Production Release) 1.6.0_03
  • Sun JRE (Solaris Production Release) 1.6.0_02
  • Sun JRE (Solaris Production Release) 1.6.0_01
  • Sun JRE (Linux Production Release) 1.6 _17
  • Sun JRE (Linux Production Release) 1.6 _13
  • Sun JRE (Linux Production Release) 1.6 _12
  • Sun JRE (Linux Production Release) 1.6 _10
  • Sun JRE (Linux Production Release) 1.6 _07
  • Sun JRE (Linux Production Release) 1.6 _06
  • Sun JRE (Linux Production Release) 1.6 _05
  • Sun JRE (Linux Production Release) 1.6 _04
  • Sun JRE (Linux Production Release) 1.6
  • Sun JRE (Linux Production Release) 1.6.0_21
  • Sun JRE (Linux Production Release) 1.6.0_20
  • Sun JRE (Linux Production Release) 1.6.0_19
  • Sun JRE (Linux Production Release) 1.6.0_18
  • Sun JRE (Linux Production Release) 1.6.0_15
  • Sun JRE (Linux Production Release) 1.6.0_14
  • Sun JRE (Linux Production Release) 1.6.0_11
  • Sun JRE (Linux Production Release) 1.6.0_03
  • Sun JRE (Linux Production Release) 1.6.0_02
  • Sun JRE (Linux Production Release) 1.6.0_01
  • Sun JDK (Windows Production Release) 1.6 _17
  • Sun JDK (Windows Production Release) 1.6 _14
  • Sun JDK (Windows Production Release) 1.6 _13
  • Sun JDK (Windows Production Release) 1.6 _11
  • Sun JDK (Windows Production Release) 1.6 _10
  • Sun JDK (Windows Production Release) 1.6 _07
  • Sun JDK (Windows Production Release) 1.6 _06
  • Sun JDK (Windows Production Release) 1.6 _05
  • Sun JDK (Windows Production Release) 1.6 _04
  • Sun JDK (Windows Production Release) 1.6
  • Sun JDK (Windows Production Release) 1.6.0_21
  • Sun JDK (Windows Production Release) 1.6.0_20
  • Sun JDK (Windows Production Release) 1.6.0_19
  • Sun JDK (Windows Production Release) 1.6.0_18
  • Sun JDK (Windows Production Release) 1.6.0_15
  • Sun JDK (Windows Production Release) 1.6.0_03
  • Sun JDK (Windows Production Release) 1.6.0_02
  • Sun JDK (Windows Production Release) 1.6.0_01-b06
  • Sun JDK (Windows Production Release) 1.6.0_01
  • Sun JDK (Solaris Production Release) 1.6 _17
  • Sun JDK (Solaris Production Release) 1.6 _14
  • Sun JDK (Solaris Production Release) 1.6 _13
  • Sun JDK (Solaris Production Release) 1.6 _11
  • Sun JDK (Solaris Production Release) 1.6 _10
  • Sun JDK (Solaris Production Release) 1.6 _07
  • Sun JDK (Solaris Production Release) 1.6 _06
  • Sun JDK (Solaris Production Release) 1.6 _05
  • Sun JDK (Solaris Production Release) 1.6 _04
  • Sun JDK (Solaris Production Release) 1.6 _01-b06
  • Sun JDK (Solaris Production Release) 1.6
  • Sun JDK (Solaris Production Release) 1.6.0_21
  • Sun JDK (Solaris Production Release) 1.6.0_20
  • Sun JDK (Solaris Production Release) 1.6.0_19
  • Sun JDK (Solaris Production Release) 1.6.0_18
  • Sun JDK (Solaris Production Release) 1.6.0_15
  • Sun JDK (Solaris Production Release) 1.6.0_03
  • Sun JDK (Solaris Production Release) 1.6.0_02
  • Sun JDK (Solaris Production Release) 1.6.0_01
  • Sun JDK (Linux Production Release) 1.6 _17
  • Sun JDK (Linux Production Release) 1.6 _14
  • Sun JDK (Linux Production Release) 1.6 _13
  • Sun JDK (Linux Production Release) 1.6 _11
  • Sun JDK (Linux Production Release) 1.6 _10
  • Sun JDK (Linux Production Release) 1.6 _07
  • Sun JDK (Linux Production Release) 1.6 _06
  • Sun JDK (Linux Production Release) 1.6 _05
  • Sun JDK (Linux Production Release) 1.6 _04
  • Sun JDK (Linux Production Release) 1.6 _01-b06
  • Sun JDK (Linux Production Release) 1.6 _01
  • Sun JDK (Linux Production Release) 1.6
  • Sun JDK (Linux Production Release) 1.6.0_21
  • Sun JDK (Linux Production Release) 1.6.0_20
  • Sun JDK (Linux Production Release) 1.6.0_19
  • Sun JDK (Linux Production Release) 1.6.0_18
  • Sun JDK (Linux Production Release) 1.6.0_15
  • Sun JDK (Linux Production Release) 1.6.0_03
  • Sun JDK (Linux Production Release) 1.6.0_02
  • RedHat Enterprise Linux Supplementary 5 server
  • RedHat Enterprise Linux Extras 4.8.z
  • RedHat Enterprise Linux Extras 4
  • RedHat Enterprise Linux Desktop Supplementary 5 client

Response

Vendor updates are available. Please contact the vendor for more information.