PT-2008-6470 · Oracle · Java Runtime Environment

Published

2008-12-05

·

Updated

2019-07-31

·

CVE-2008-5346

CVSS v2.0

7.1

High

VectorAV:N/AC:M/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Java Runtime Environment (JRE) versions 5.0 Update 16 and earlier Java Runtime Environment (JRE) versions 1.4.2 18 and earlier Java Runtime Environment (JRE) versions 1.3.1 23 or earlier
Description The issue allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file. This is a result of an unspecified vulnerability in the Java Runtime Environment.
Recommendations For Java Runtime Environment (JRE) versions 5.0 Update 16 and earlier, update to a version later than 5.0 Update 16. For Java Runtime Environment (JRE) versions 1.4.2 18 and earlier, update to a version later than 1.4.2 18. For Java Runtime Environment (JRE) versions 1.3.1 23 or earlier, update to a version later than 1.3.1 23.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2008-5346
RHSA-2008:1025
RHSA-2009:0016
RHSA-2009:0445
RHSA-2009:0466

Affected Products

Java Runtime Environment