CVE-2008-5352 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-5352
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-5352

Description: Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.

CVE Status: Candidate

References: SUSE http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-244992-1 ST 1021312 SAID Secunia Advisory: SA33015 Secunia Advisory: SA32991 Secunia Advisory: SA34972 Secunia Advisory: SA34259 Secunia Advisory: SA33710 Secunia Advisory: SA33709 Secunia Advisory: SA33528 REDHAT http://www.redhat.com/support/errata/RHSA-2009-0016.html http://www.redhat.com/support/errata/RHSA-2009-0015.html http://rhn.redhat.com/errata/RHSA-2008-1025.html http://rhn.redhat.com/errata/RHSA-2008-1018.html OSVDB 50501 IDEFENSE http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=759 GENTOO http://security.gentoo.org/glsa/glsa-200911-02.xml CONFIRM http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid= http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm CERT http://www.us-cert.gov/cas/techalerts/TA08-340A.html BID 32608

Return to the previous page.