9.3

CVE-2008-5358

Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunJdk Updateupdate_10 Version <= 6
SunJdk Version6
SunJdk Version6 Updateupdate_1
SunJdk Version6 Updateupdate_2
SunJdk Version6 Updateupdate_3
SunJdk Version6 Updateupdate_4
SunJdk Version6 Updateupdate_5
SunJdk Version6 Updateupdate_6
SunJdk Version6 Updateupdate_7
SunJdk Version6 Updateupdate_8
SunJre Updateupdate_10 Version <= 6
SunJre Version6
SunJre Version6 Updateupdate_1
SunJre Version6 Updateupdate_2
SunJre Version6 Updateupdate_3
SunJre Version6 Updateupdate_4
SunJre Version6 Updateupdate_5
SunJre Version6 Updateupdate_6
SunJre Version6 Updateupdate_7
SunJre Version6 Updateupdate_8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.43% 0.937
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
http://secunia.com/advisories/34259
http://secunia.com/advisories/37386
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html
http://marc.info/?l=bugtraq&m=123678756409861&w=2
http://marc.info/?l=bugtraq&m=126583436323697&w=2
http://secunia.com/advisories/32991
http://secunia.com/advisories/33015
http://secunia.com/advisories/34233
http://secunia.com/advisories/34605
http://secunia.com/advisories/38539
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=
http://www.us-cert.gov/cas/techalerts/TA08-340A.html
US Government Resource
http://www.vupen.com/english/advisories/2009/0672
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf
http://rhn.redhat.com/errata/RHSA-2008-1018.html
http://www.vupen.com/english/advisories/2008/3339
http://secunia.com/advisories/34447
http://www.redhat.com/support/errata/RHSA-2009-0369.html
http://secunia.com/advisories/33709
http://www.securityfocus.com/bid/32608
http://secunia.com/advisories/33187
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1
Patch
Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-485.htm
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=758
http://osvdb.org/50515
https://exchange.xforce.ibmcloud.com/vulnerabilities/47049
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6319