Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-3655Improper Restriction of Operations within the Bounds of a Memory Buffer in JRE

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
65.5%
top 1.50%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SUN JRE
Timeline
PublishedJul 10
Latest updateMay 1

Description

Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDsun/jre1.5.0, 1.6.0+1

🔴Vulnerability Details

2
GHSA
GHSA-mhwx-cv4j-f56v: Stack-based buffer overflow in javaws2022-05-01
CVEList
CVE-2007-3655: Stack-based buffer overflow in javaws2007-07-10

💥Exploits & PoCs

2
Exploit-DB
Sun Java WebStart - JNLP Stack Buffer Overflow (PoC)2007-07-10
Exploit-DB
Sun Java Runtime Environment 1.6 - Web Start '.JNLP' File Stack Buffer Overflow2007-07-09

📋Vendor Advisories

1
Red Hat
A buffer overflow vulnerability in Java Web Start URL parsing code2007-07-10

💬Community

1
Bugzilla
CVE-2007-3655 A buffer overflow vulnerability in Java Web Start URL parsing code2007-07-19
CVE-2007-3655 — SUN JRE vulnerability | cvebase