CVE-2007-5019

Java Web Start ActiveX Control - Buffer Overflow via dnsResolve Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5019. PoCs published by YAG KOHHA.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in the `dnsResolve` function of Sun JRE 1.6.0_X via an ActiveX control. It triggers the overflow by passing an excessively long string, leading to a denial-of-service (DoS) condition.

Description

Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalled.dnsResolve) method.

Exploits (1)

exploitdb · Working PoC · Verified
by YAG KOHHA · html · dos · multiple
https://www.exploit-db.com/exploits/4432

Classification: Working PoC (90%)
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Sun JRE 1.6.0_X
No auth needed
Prerequisites: Victim must have Sun JRE 1.6.0_X installed and ActiveX enabled in a vulnerable browser
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36682
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25734
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38297
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4432

Scores

EPSS 0.1047
EPSS Percentile 95.2%

Details

CWE: CWE-119
Status: published
Products (4)
sun/java_web_start
sun/jre 1.6.0_0
sun/jre 1.6.0_10
sun/sdk 1.3.0
Published: Sep 20, 2007
Tracked Since: Feb 18, 2026