CVE-2008-3440
CVE-2008-3440 affects Sun Java 1.6.0_03 and earlier (potentially later versions) where updater authenticity is not properly verified, enabling a man-in-the-middle attacker to run arbitrary code via a Trojan horse update (as demonstrated by evilgrade and DNS cache poisoning). The connected sources...