PT-2008-2781 · Sun · Sun Jdk+2

Published

2008-03-06

Updated

2019-07-31

CVE-2008-1188

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Sun JDK and JRE versions 5.0 through 5.0 Update 14 Sun JDK and JRE versions 6 through 6 Update 4

Description The issue concerns multiple buffer overflows in the useEncodingDecl function in Java Web Start. This allows remote attackers to execute arbitrary code via a JNLP file with a long key name in the XML header or a long charset value.

Recommendations For Sun JDK and JRE versions 5.0 through 5.0 Update 14, update to a version later than 5.0 Update 14 to resolve the issue. For Sun JDK and JRE versions 6 through 6 Update 4, update to a version later than 6 Update 4 to resolve the issue.

Fix

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2008-1188

RHSA-2008:0186

RHSA-2008:0210

RHSA-2008:0267

RHSA-2008:0638

Affected Products

Java Web Start

Sun Jdk

Sun Jre

PT-2008-2781 · Sun · Sun Jdk+2

CVE-2008-1188

Weakness Enumeration

Related Identifiers

Affected Products

References · 34