Remote Code Execution Vulnerability in Java Web Start and Java Plug-in by Sun
CVE-2008-5343

Currently unrated

Key Information:

Vendor
Oracle
Status
Vendor
CVE Published: 5 December 2008

Summary

This vulnerability allows remote attackers to use a crafted file that masquerades as both a GIF and a Java JAR file to make unauthorized network connections and potentially hijack HTTP sessions. Commonly referred to as 'GIFAR', the issue affects various versions of Java Web Start and the Java Plug-in in Java Development Kit (JDK) and Java Runtime Environment (JRE) releases earlier than specified updates.
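For sites that accept image uploads, the dual-format property described above can be checked on the server side. The following is an added example, not part of the original advisory or any vendor code: it flags a file that starts with a GIF signature and also carries a plausible ZIP end-of-central-directory record (a JAR is a ZIP archive). The function names and sample bytes are assumptions made for illustration.

```python
import struct

GIF_MAGICS = (b"GIF87a", b"GIF89a")
EOCD_SIG = b"PK\x05\x06"   # ZIP end-of-central-directory (EOCD) signature
EOCD_MIN = 22              # EOCD size with an empty archive comment
MAX_COMMENT = 0xFFFF       # comment length is a 16-bit field


def find_zip_eocd(data: bytes) -> int:
    """Return the offset of a plausible EOCD record near the end, or -1."""
    start = max(0, len(data) - (EOCD_MIN + MAX_COMMENT))
    pos = data.rfind(EOCD_SIG, start)
    while pos != -1:
        if pos + EOCD_MIN <= len(data):
            cd_size, cd_off, comment_len = struct.unpack_from("<IIH", data, pos + 12)
            # Reject chance matches: the comment must fit in the file and the
            # central directory must end at or before the EOCD record.
            if pos + EOCD_MIN + comment_len <= len(data) and cd_off + cd_size <= pos:
                return pos
        pos = data.rfind(EOCD_SIG, start, pos)
    return -1


def classify_upload(data: bytes) -> str:
    """Classify a file accepted by an image-upload endpoint."""
    is_gif = data[:6] in GIF_MAGICS
    has_zip = find_zip_eocd(data) != -1
    if is_gif and has_zip:
        return "reject: GIF/ZIP polyglot"
    if is_gif:
        return "gif"
    return "zip" if has_zip else "unknown"


# Constructed samples: a 1x1 GIF header plus trailer, and the same bytes
# followed by an empty ZIP EOCD record (an archive with no entries).
PLAIN_GIF = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0, 0, 0) + b";"
POLYGLOT = PLAIN_GIF + EOCD_SIG + b"\x00" * 18
# GIF that happens to contain the signature bytes with implausible field values.
LOOKALIKE = PLAIN_GIF + EOCD_SIG + b"\xff" * 18

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_GIF), ("polyglot", POLYGLOT), ("lookalike", LOOKALIKE)):
        print(name, "->", classify_upload(blob))
```

The check is an upload-side heuristic and does not replace applying the updated JDK and JRE releases.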

Timeline

  • Vulnerability published

  • Vulnerability Reserved
