""ET WEB_CLIENT Oracle Java 6 Object Tag launchjnlp docbase Parameters Buffer Overflow""

SID: 2012100

Revision: 5

Class Type: attempted-user

Metadata: affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2010_12_22, cve CVE_2010_3552, deployment Perimeter, confidence High, signature_severity Major, tag Web_Client_Attacks, updated_at 2014_04_21

Reference:

  • bid

  • 44023

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: to_client,established

Contents:

  • Value: "ZwProtectVirtualMemory|22|"

  • Value: "strDup|28|"

  • Value: "<object|20|"

  • Value: "application|2f|x|2d|java|2d|applet"

  • Value: "|3c|param|20|name"

  • Value: "|22|launchjnlp|22|"

  • Value: "|3c|param|20|name"

  • Value: "|22|docbase|22|"

  • Value: "|3c|fieldset|3e 3c|legend|3e|"

  • Value: "object"

  • Value: "|2e|innerHTML"

Within: 10

PCRE:

Special Options:

source