Remote Code Execution Vulnerability in Sun Java Web Start
CVE-2008-4910

Currently unrated

Key Information:

Vendor: Oracle
Status: Java Web Start
Vendor: CVE Published:; 4 November 2008

What is CVE-2008-4910?

The BasicService component of Sun Java Web Start is susceptible to a vulnerability that permits remote attackers to execute arbitrary programs on a user's client machine. This is achieved through the manipulation of the showDocument method, where a crafted file:// URL can lead to unauthorized command execution. Users of this Java platform are urged to review their security practices, as this vulnerability creates significant risks for system integrity.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/46119

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/31916

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/497799/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2008
Vulnerability Reserved
Nov 3, 2008

Oracle

What is CVE-2008-4910?

References

Timeline