CVE-2007-3655
Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.
Date published : 2007-07-10
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html