Oracle Java Web Start JNLP Double Quote Remote Code Execution VulnerabilityZDI-12-037: February 22nd, 2012
TippingPoint™ IPS Customer ProtectionTippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 12106. For further product information on the TippingPoint IPS:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Webstart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within javaws.exe . Java Web Start does not safely handle double quotes that are placed anywhere except the beginning of certain property names in JNLP files. As a result, double quotes can be used to inject arbitrary command-line arguments into a javaw.exe process. Leveraging this would allow a remote attacker to execute code under the context of the user.
Vendor ResponseOracle has issued an update to correct this vulnerability. More details can be found at:
2011-10-28 - Vulnerability reported to vendor
2012-02-22 - Coordinated public release of advisory
CreditThis vulnerability was discovered by: