Buffer Overflow Vulnerability in Sun Java Web Start Products by Sun Microsystems
CVE-2008-3111

Currently unrated

Key Information:

Vendor: Oracle
Status: Jdk; Jre; Sdk
Vendor: CVE Published:; 9 July 2008

Summary

A critical buffer overflow vulnerability exists in Sun Java Web Start, specifically affecting various versions of JDK and JRE. This vulnerability allows context-dependent attackers to exploit untrusted applications, potentially enabling them to gain elevated privileges. Malicious actors can manipulate long values associated with specific attributes in JNLP files, thereby triggering stack-based buffer overflows. Successful exploitation can lead to unauthorized access to read, write, or execute local files and programs, significantly compromising system security.

References

http://lists.apple.com/archives/security-announce//2008/S...

vendor-advisoryx_refsource_APPLE

http://marc.info/?l=bugtraq&m=122331139823057&w=2

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/31600

third-party-advisoryx_refsource_SECUNIA

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 9, 2008
Vulnerability Reserved
Jul 9, 2008