CVE - CVE-2008-1188

CVE-ID
CVE-2008-1188	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2008-09-24 URL:http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html CERT:TA08-066A URL:http://www.us-cert.gov/cas/techalerts/TA08-066A.html CONFIRM:http://support.apple.com/kb/HT3178 CONFIRM:http://support.apple.com/kb/HT3179 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2008-0010.html GENTOO:GLSA-200804-20 URL:http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml GENTOO:GLSA-200804-28 URL:http://security.gentoo.org/glsa/glsa-200804-28.xml GENTOO:GLSA-200806-11 URL:http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml MISC:http://www.zerodayinitiative.com/advisories/ZDI-08-009/ MISC:http://www.zerodayinitiative.com/advisories/ZDI-08-010/ OVAL:oval:org.mitre.oval:def:11209 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11209 REDHAT:RHSA-2008:0186 URL:http://www.redhat.com/support/errata/RHSA-2008-0186.html REDHAT:RHSA-2008:0210 URL:http://www.redhat.com/support/errata/RHSA-2008-0210.html REDHAT:RHSA-2008:0267 URL:http://www.redhat.com/support/errata/RHSA-2008-0267.html SECTRACK:1019549 URL:http://www.securitytracker.com/id?1019549 SECUNIA:29239 URL:http://secunia.com/advisories/29239 SECUNIA:29273 URL:http://secunia.com/advisories/29273 SECUNIA:29498 URL:http://secunia.com/advisories/29498 SECUNIA:29582 URL:http://secunia.com/advisories/29582 SECUNIA:29858 URL:http://secunia.com/advisories/29858 SECUNIA:29897 URL:http://secunia.com/advisories/29897 SECUNIA:30676 URL:http://secunia.com/advisories/30676 SECUNIA:30780 URL:http://secunia.com/advisories/30780 SECUNIA:31497 URL:http://secunia.com/advisories/31497 SECUNIA:32018 URL:http://secunia.com/advisories/32018 SUNALERT:233323 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-233323-1~~ (Obsolete source) SUSE:SUSE-SA:2008:018 URL:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html SUSE:SUSE-SA:2008:025 URL:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html VUPEN:ADV-2008-0770 URL:~~http://www.vupen.com/english/advisories/2008/0770/references~~ (Obsolete source) VUPEN:ADV-2008-1856 URL:~~http://www.vupen.com/english/advisories/2008/1856/references~~ (Obsolete source) XF:javawebstart-application-priv-escalation(41029) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41029 XF:javawebstart-multiple-unspecified-bo(41133) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41133
Assigning CNA
MITRE Corporation
Date Record Created
20080306	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080306)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)