PT-2008-6481 · Oracle+1 · Java Runtime Environment+2

Publicado

2008-12-05

·

Atualizado

2019-10-09

·

CVE-2008-5357

CVSS v2.0

9.3

Alta

VetorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Java Runtime Environment (JRE) versions 6 Update 10 and earlier Java Runtime Environment (JRE) versions 5.0 Update 16 and earlier Java Runtime Environment (JRE) versions 1.4.2 18 and earlier Java Runtime Environment (JRE) versions 1.3.1 23 and earlier
Description The issue is related to an integer overflow in the Java Runtime Environment, which could allow remote attackers to execute arbitrary code. This is achieved through a crafted TrueType font file that triggers a heap-based buffer overflow.
Recommendations For Java Runtime Environment (JRE) versions 6 Update 10 and earlier, update to a version later than Update 10. For Java Runtime Environment (JRE) versions 5.0 Update 16 and earlier, update to a version later than Update 16. For Java Runtime Environment (JRE) versions 1.4.2 18 and earlier, update to a version later than 1.4.2 18. For Java Runtime Environment (JRE) versions 1.3.1 23 and earlier, update to a version later than 1.3.1 23.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-189

Identificadores relacionados

CVE-2008-5357
HPSBUX02411
RHSA-2008:1018
RHSA-2008:1025
RHSA-2009:0016
RHSA-2009:0369
RHSA-2009:0466

Produtos afetados

Hp-Ux
Java Platform
Java Runtime Environment