Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAnonymousZDI-08-010
HistoryMar 12, 2008 - 12:00 a.m.

Java Web Start encoding Stack Buffer Overflow Vulnerability

2008-03-1200:00:00
Anonymous
www.zerodayinitiative.com
14

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.546 Medium

EPSS

Percentile

97.6%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the useEncodingDecl() function used while parsing the xml header character encoding attribute. When a user downloads a malicious JNLP file, the charset value is read into a static buffer. If an overly charset name in the xml header is included, a stack based buffer overflow occurs, resulting in an exploitable condition.

Related

checkpoint_advisories 1
securityvulns 3
zdi 1
prion 2
ubuntucve 2
cve 2
nessus 14
redhat 4
openvas 13
suse 2
f5 2
vmware 2
gentoo 1
checkpoint_advisories
checkpoint_advisories
Sun Java Web Start Charset Encoding Stack Buffer Overflow (CVE-2008-1188)
2010-03-01 00:00:00
securityvulns
securityvulns
ZDI-08-010: Java Web Start encoding Stack Buffer Overflow
2008-03-13 00:00:00
Sun java WebStart multiple security vulnerabilities
2008-03-13 00:00:00
ZDI-08-009: Java Web Start tempbuff Stack Buffer Overflow
2008-03-13 00:00:00
zdi
zdi
Java Web Start tempbuff Stack Buffer Overflow Vulnerability
2008-03-12 00:00:00
prion
prion
Buffer overflow
2008-03-06 21:44:00
Buffer overflow
2008-03-06 21:44:00
ubuntucve
ubuntucve
CVE-2008-1189
2008-03-06 00:00:00
CVE-2008-1188
2008-03-06 00:00:00
cve
cve
CVE-2008-1189
2008-03-06 21:44:00
CVE-2008-1188
2008-03-06 21:44:00
nessus
nessus
RHEL 5 : java-1.6.0-ibm (RHSA-2008:0267)
2013-01-24 00:00:00
RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2008:0210)
2009-08-24 00:00:00
openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5133)
2008-04-04 00:00:00
redhat
redhat
(RHSA-2008:0267) Critical: java-1.6.0-ibm security update
2008-05-19 00:00:00
(RHSA-2008:0210) Critical: java-1.5.0-ibm security update
2008-04-03 00:00:00
(RHSA-2008:0186) Critical: java-1.5.0-sun security update
2008-03-06 00:00:00
openvas
openvas
SLES10: Security update for Sun Java
2009-10-13 00:00:00
SLES9: Security update for Java2
2009-10-10 00:00:00
SLES9: Security update for Java2
2009-10-10 00:00:00
suse
suse
remote code execution in Sun Java
2008-04-02 15:02:11
remote code execution in IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm
2008-04-25 14:46:33
f5
f5
K16475 : Multiple Sun Java vulnerabilities
2015-04-21 00:00:00
SOL16475 - Multiple Sun Java vulnerabilities
2015-04-21 00:00:00
vmware
vmware
Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
2008-06-16 00:00:00
Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
2008-06-16 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2008-04-17 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.546 Medium

EPSS

Percentile

97.6%

JSON
Related for ZDI-08-010
checkpoint_advisories1securityvulns3zdi1prion2ubuntucve2cve2nessus14redhat4openvas13suse2f52vmware2gentoo1