Buffer Overflow Vulnerability in Sun Java Web Start Products by Sun Microsystems
CVE-2008-3111

Currently unrated

Key Information:

Vendor

Oracle
Status
Jdk
Jre
Sdk
Vendor
CVE Published:
9 July 2008

What is CVE-2008-3111?

A critical buffer overflow vulnerability exists in Sun Java Web Start, specifically affecting various versions of JDK and JRE. This vulnerability allows context-dependent attackers to exploit untrusted applications, potentially enabling them to gain elevated privileges. Malicious actors can manipulate long values associated with specific attributes in JNLP files, thereby triggering stack-based buffer overflows. Successful exploitation can lead to unauthorized access to read, write, or execute local files and programs, significantly compromising system security.

References

http://lists.apple.com/archives/security-announce//2008/S...
vendor-advisoryx_refsource_APPLE
http://marc.info/?l=bugtraq&m=122331139823057&w=2
mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/31600
third-party-advisoryx_refsource_SECUNIA

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.