G09-3uf01
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
False Positive: f
Variants: 1
Year: 2009
Description
This strike exploits an integer overflow vulnerability in the Sun Java Runtime Environment. The vulnerability is due to insufficient validation while decompressing Pack200 (jar.pack.gz) files. A remote attacker can exploit it by enticing a target user to open a crafted HTML file. Successful exploitation may lead to arbitrary code execution on the target. If code injection succeeds, the behaviour of the target depends entirely on the intended function of the injected code, which executes within the security context of the logged-in user. If code injection does not succeed, the affected process terminates abnormally.
CVE
References
http://secunia.com/advisories/34451