Added: 02/26/2009
CVE: CVE-2008-5354
BID: 32608
OSVDB: 50499
Java Runtime Environment (JRE) allows end users to run Java applications.
A buffer overflow vulnerability in JRE allows command execution when a user opens a JAR archive containing a manifest file with a specially crafted Main Class entry.
Apply the patch referenced in Sun document 244990.
<http://www.us-cert.gov/cas/techalerts/TA08-340A.html>
Exploit works on Java Runtime Environment 1.6 Update 10 and requires a user to open the exploit file.
Execution of this exploit requires the Digest::CRC PERL module. On Linux systems this is typically found in a package named such as libdigest-crc-perl or perl-Digest-CRC.
Windows 2000
Windows XP