eEye Digital Security has discovered a stack buffer overflow in Java WebStart, a utility installed with Java Runtime Environment for the purpose of managing the download of Java applications. By opening a malicious JNLP file, a user's system may be compromised by arbitrary code within the file, which executes with the privileges of that user. Systems affected are Java Runtime Environment 6 update 1 and below and Java Runtime Environment 5 update 11 and below.
4634c67fe886c62ca9877c8e797c11203f134b24b6f4f56bbd706b71a5db40d7