CVE-2008-0657

Properties

Published:
06.02.2008
Updated:
21.08.2010
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Product:
sun: jre
sun: jre

Vulnerability description

Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.

References:

VUPEN: http://www.frsirt.com/english/advisories/2008/0429
SECUNIA: http://secunia.com/advisories/28795
CONFIRM: http://www.vmware.com/security/advisories/VMSA-2008-0010.html
SECTRACK: http://www.securitytracker.com/id?1019308
BID: http://www.securityfocus.com/bid/27650
REDHAT: http://www.redhat.com/support/errata/RHSA-2008-0210.html
REDHAT: http://www.redhat.com/support/errata/RHSA-2008-0156.html
REDHAT: http://www.redhat.com/support/errata/RHSA-2008-0123.html
GENTOO: http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
GENTOO: http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
VUPEN: http://www.frsirt.com/english/advisories/2008/1856/references
VUPEN: http://www.frsirt.com/english/advisories/2008/1252
SUNALERT: http://sunsolve.sun.com/search/document.do?assetkey=1-26-231261-1
GENTOO: http://security.gentoo.org/glsa/glsa-200804-28.xml
SECUNIA: http://secunia.com/advisories/31497
SECUNIA: http://secunia.com/advisories/30780
SECUNIA: http://secunia.com/advisories/30676
SECUNIA: http://secunia.com/advisories/29897
SECUNIA: http://secunia.com/advisories/29858
SECUNIA: http://secunia.com/advisories/29841
SECUNIA: http://secunia.com/advisories/29498
SECUNIA: http://secunia.com/advisories/29214
SECUNIA: http://secunia.com/advisories/28888
OVAL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11505
SUSE: http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
BEA: http://dev2dev.bea.com/pub/advisory/277