From: DeskNow Knowledge Base
http://www.desknow.com/kb/

Can DeskNow be subject to buffer overflow attacks?
http://www.desknow.com/kb/idx/13/041/article/

Basically, no.

DeskNow is entirely written in Java, and it inherits all the security benefits of the Java Virtual Machine.

In particular, data and code in a JVM are always clearly separated, and all data bounds are checked.

It is simply not possible to send a 'very long string' to a Java application that overwrites its code with malicious instructions, as it can happen with normal C/C++/Delphi applications.