CVE-2008-3111

Sun Java Web Start < Update 4 - Buffer Overflow

Title source: llm
STIX 2.1

Description

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.

References (32)

Core 32
Core References
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=122331139823057&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31600
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32018
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200911-02.xml
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32179
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2740
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31320
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43664
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2056/references
Patch vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31055
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32180
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31736
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3178
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020452
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30148
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31497
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-08-043/
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/497041/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/494505/100/0/threaded
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0790.html
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-193A.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37386
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3179
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0595.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31010

Scores

EPSS 0.1336
EPSS Percentile 94.3%

Details

CWE
CWE-119 CWE-20
Status published
Products (21)
sun/jdk 5.0 update_1 (15 CPE variants)
sun/jdk 6 update_1 (3 CPE variants)
sun/jre 1.4
sun/jre 1.4.2_01
sun/jre 1.4.2_02
sun/jre 1.4.2_03
sun/jre 1.4.2_04
sun/jre 1.4.2_05
sun/jre 1.4.2_06
sun/jre 1.4.2_07
... and 11 more
Published Jul 09, 2008
Tracked Since Feb 18, 2026