Published: 05/12/2008 Updated: 29/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and previous versions, and JDK and JRE 5.0 Update 16 and previous versions, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun jre 6
sun jdk 6
sun jdk 5.0
sun jre 5.0
sun jre
sun jdk

It was discovered that Java did not correctly handle untrusted applets If a user were tricked into running a malicious applet, a remote attacker could gain user privileges, or list directory contents (CVE-2008-5347, CVE-2008-5350) ...

Synopsis Critical: java-150-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-150-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by the R ...

Synopsis Critical: java-160-sun security update Type/Severity Security Advisory: Critical Topic Updated java-160-sun packages that correct several security issues arenow available for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by t ...

Synopsis Low: java-150-ibm security update Type/Severity Security Advisory: Low Topic Updated java-150-ibm packages that fix several security issues are nowavailable for Red Hat Network Satellite ServerThis update has been rated as having low security impact by the Red HatSecurity Response Team ...

Synopsis Critical: java-160-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-160-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by the R ...

Synopsis Critical: java-150-sun security update Type/Severity Security Advisory: Critical Topic Updated java-150-sun packages that correct several security issues arenow available for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by t ...

CWE-189 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=759 http://sunsolve.sun.com/search/document.do?assetkey=1-26-244992-1 http://secunia.com/advisories/32991 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rhn.redhat.com/errata/RHSA-2008-1025.html http://secunia.com/advisories/33015 http://www.securityfocus.com/bid/32608 http://secunia.com/advisories/33710 http://www.us-cert.gov/cas/techalerts/TA08-340A.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://secunia.com/advisories/33709 http://www.redhat.com/support/errata/RHSA-2009-0015.html http://secunia.com/advisories/33528 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm http://www.redhat.com/support/errata/RHSA-2009-0016.html http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=http://secunia.com/advisories/34259 http://secunia.com/advisories/34972 https://rhn.redhat.com/errata/RHSA-2009-0466.html http://osvdb.org/50501 http://www.securitytracker.com/id?1021312 http://security.gentoo.org/glsa/glsa-200911-02.xml http://secunia.com/advisories/37386 http://www.vupen.com/english/advisories/2008/3339 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6383 https://usn.ubuntu.com/713-1/https://nvd.nist.gov

CVE-2008-5352

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect