Upstream information
Description
Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 10 |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
SUSE Security Advisories:
- SUSE-SA:2008:042, published Mon, 25 Aug 2008 11:00:00 +0000
- SUSE-SA:2008:043, published Thu, 04 Sep 2008 11:00:00 +0000
- SUSE-SA:2008:045, published Wed, 17 Sep 2008 11:00:00 +0000
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 16:08:16 2013CVE page last modified: Fri Dec 8 16:27:08 2023