CVE-2008-1188

Name of the Vulnerable Software and Affected Versions Sun JDK and JRE versions 5.0 through 5.0 Update 14 Sun JDK and JRE versions 6 through 6 Update 4

Description The issue concerns multiple buffer overflows in the useEncodingDecl function in Java Web Start. This allows remote attackers to execute arbitrary code via a JNLP file with a long key name in the XML header or a long charset value.

Recommendations For Sun JDK and JRE versions 5.0 through 5.0 Update 14, update to a version later than 5.0 Update 14 to resolve the issue. For Sun JDK and JRE versions 6 through 6 Update 4, update to a version later than 6 Update 4 to resolve the issue.