Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAnonymousZDI-08-043
HistoryJul 17, 2008 - 12:00 a.m.

Sun Java Web Start vm args Stack-Based Buffer Overflow Vulnerability

2008-07-1700:00:00
Anonymous
www.zerodayinitiative.com
17

0.656 Medium

EPSS

Percentile

97.9%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the GetVMArgsOption() function used while parsing the java-vm-args attribute of the j2se tag in xml based JNLP files. When a user downloads a malicious JNLP file, the vulnerable attribute is read into a static buffer. If an overly long value is defined by the java-vm-args attribute, a stack based buffer overflow occurs, resulting in an exploitable condition.

Related

nvd 1
cve 1
saint 4
checkpoint_advisories 2
prion 1
ubuntucve 1
cvelist 1
nessus 24
suse 3
openvas 14
redhat 4
securityvulns 1
vmware 2
gentoo 1
nvd
nvd
CVE-2008-3111
2008-07-09 23:41:00
cve
cve
CVE-2008-3111
2008-07-09 23:41:00
saint
saint
Sun Java Web Start JNLP file j2se element heap-size buffer overflow
2008-07-23 00:00:00
Sun Java Web Start JNLP file j2se element heap-size buffer overflow
2008-07-23 00:00:00
Sun Java Web Start JNLP file j2se element heap-size buffer overflow
2008-07-23 00:00:00
checkpoint_advisories
checkpoint_advisories
Sun Java Web Start JNLP java-vm-args Heap Buffer Overflow (CVE-2008-3111)
2010-03-03 00:00:00
Sun Java Web Start JNLP vm args Stack Overflow (CVE-2008-3111)
2009-12-24 00:00:00
prion
prion
Stack overflow
2008-07-09 23:41:00
ubuntucve
ubuntucve
CVE-2008-3111
2008-07-09 00:00:00
cvelist
cvelist
CVE-2008-3111
2008-07-09 23:00:00
nessus
nessus
RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2008:0790)
2009-08-24 00:00:00
SuSE 10 Security Update : Java 1.4.2 (ZYPP Patch Number 5431)
2008-08-24 00:00:00
Sun Java J2SE 1.4.2 < Update 18 Multiple Vulnerabilities (Unix)
2013-02-22 00:00:00
suse
suse
remote code execution in java-1_5_0-ibm,IBMJava5
2008-09-17 13:28:28
remote code execution in IBMJava5-JRE,java-1_5_0-ibm
2008-09-04 13:19:33
remote code execution in Sun Java security update
2008-08-25 12:44:04
openvas
openvas
SLES9: Security update for IBM Java 5
2009-10-10 00:00:00
SLES10: Security update for IBM Java 1.5
2009-10-13 00:00:00
SLES9: Security update for IBM Java5 JRE and IBMJava5 SDK
2009-10-10 00:00:00
redhat
redhat
(RHSA-2008:0790) Critical: java-1.5.0-ibm security update
2008-07-31 00:00:00
(RHSA-2008:0636) Low: Red Hat Network Satellite Server Sun Java Runtime security update
2008-08-13 00:00:00
(RHSA-2008:0595) Critical: java-1.5.0-sun security update
2008-07-14 00:00:00
securityvulns
securityvulns
VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
2008-10-06 00:00:00
vmware
vmware
VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
2008-10-03 00:00:00
VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
2008-10-03 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00

0.656 Medium

EPSS

Percentile

97.9%

JSON
Related for ZDI-08-043
nvd1cve1saint4checkpoint_advisories2prion1ubuntucve1cvelist1nessus24suse3openvas14redhat4securityvulns1vmware2gentoo1