Heap-based Buffer Overflow in Java Runtime Environment by Sun Microsystems
CVE-2008-5356

Currently unrated

Key Information:

Vendor: Oracle
Status: Jdk; Jre; Sdk
Vendor: CVE Published:; 5 December 2008

Summary

The Java Runtime Environment (JRE) from Sun Microsystems is susceptible to a heap-based buffer overflow vulnerability that can be exploited by attackers through a maliciously crafted TrueType font file. This vulnerability affects several versions of JRE and may allow unauthorized access to execute arbitrary code on the affected systems, increasing the risk of further exploitation and damaging attacks.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

http://marc.info/?l=bugtraq&m=126583436323697&w=2

vendor-advisoryx_refsource_HP

http://lists.opensuse.org/opensuse-security-announce/2009...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Dec 5, 2008
Vulnerability Reserved
Dec 4, 2008