PT-2008-4531 · Oracle · Jre+3

Published: 2008-07-09 · Updated: 2018-10-30 · CVE-2008-3111

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: JDK and JRE 6 versions 6.0 through 6.0 Update 3; JDK and JRE 5.0 versions 5.0 through 5.0 Update 15; SDK and JRE 1.4.x versions 1.4.x through 1.4.2 17
Description: The issue allows context-dependent attackers to gain privileges via an untrusted application. This can be demonstrated by an application that grants itself privileges to read local files, write to local files, or execute local programs. A long value associated with a java-vm-args attribute in a j2se tag in a JNLP file can trigger a stack-based buffer overflow in the GetVMArgsOption function.
Recommendations: For JDK and JRE 6 versions 6.0 through 6.0 Update 3, update to Update 4 or later. For JDK and JRE 5.0 versions 5.0 through 5.0 Update 15, update to Update 16 or later. For SDK and JRE 1.4.x versions 1.4.x through 1.4.2 17, update to 1.4.2 18 or later.

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2008-3111
RHSA-2008:0595
RHSA-2008:0636
RHSA-2008:0638
RHSA-2008:0790

Affected products

Jdk
Jre
Java Platform
Sdk