Remote Code Execution Vulnerability in Java Web Start and Java Plug-in by Sun
CVE-2008-5343

Currently unrated

Key Information:

Vendor: Oracle
Status: Jdk; Jre; Sdk
Vendor: CVE Published:; 5 December 2008

Summary

This vulnerability allows remote attackers to craft malicious files that masquerade as both a GIF and a Java JAR file, enabling unauthorized network connections and potentially hijacking HTTP sessions. Commonly referred to as 'GIFAR', this exploit targets vulnerabilities across various versions of the Java Web Start and Java Plug-in, affecting Java Development Kit (JDK) and Java Runtime Environment (JRE) earlier than specified updates.

References

http://marc.info/?l=bugtraq&m=126583436323697&w=2

vendor-advisoryx_refsource_HP

http://lists.opensuse.org/opensuse-security-announce/2009...

vendor-advisoryx_refsource_SUSE

http://www.securityfocus.com/bid/32892

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Dec 5, 2008
Vulnerability Reserved
Dec 4, 2008