Unrated severityNVD Advisory· Published Jul 10, 2007· Updated Apr 23, 2026

CVE-2007-3655

Description

Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.

Affected products

Sun Corporation/Jre12 versions
cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/24832nvdExploit
secunia.com/advisories/25981nvdVendor Advisory
secunia.com/advisories/26314nvdVendor Advisory
secunia.com/advisories/26369nvdVendor Advisory
secunia.com/advisories/27266nvdVendor Advisory
secunia.com/advisories/28115nvdVendor Advisory
secunia.com/advisories/29858nvdVendor Advisory
secunia.com/advisories/30780nvdVendor Advisory
www.vupen.com/english/advisories/2007/2477nvdVendor Advisory
www.vupen.com/english/advisories/2007/4224nvdVendor Advisory
docs.info.apple.com/article.htmlnvd
lists.apple.com/archives/Security-announce/2007/Dec/msg00001.htmlnvd
lists.grok.org.uk/pipermail/full-disclosure/2007-July/064552.htmlnvd
osvdb.org/37756nvd
research.eeye.com/html/advisories/published/AD20070705.htmlnvd
security.gentoo.org/glsa/glsa-200804-28.xmlnvd
securityreason.com/securityalert/2874nvd
sunsolve.sun.com/search/document.donvd
www.exploit-db.com/exploits/30284nvd
www.gentoo.org/security/en/glsa/glsa-200804-20.xmlnvd
www.gentoo.org/security/en/glsa/glsa-200806-11.xmlnvd
www.novell.com/linux/security/advisories/2007_56_ibmjava.htmlnvd
www.redhat.com/support/errata/RHSA-2007-0818.htmlnvd
www.redhat.com/support/errata/RHSA-2007-0829.htmlnvd
www.securityfocus.com/archive/1/473224/100/0/threadednvd
www.securityfocus.com/archive/1/473356/100/0/threadednvd
www.securitytracker.com/idnvd
exchange.xforce.ibmcloud.com/vulnerabilities/35320nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11367nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.050
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000