CVE-2008-1188

Java Web Start encoding Stack Buffer Overflow Vulnerability

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."

Múltiples desbordamientos de búfer en la función useEncodingDecl en Java Web Start en JDK y JRE de Sun versión 6 Update 4 y anteriores, y versión 5.0 Update 14 y anteriores, permiten a los atacantes remotos ejecutar código arbitrario por medio de un archivo JNLP con (1) un nombre de clave largo en el encabezado xml o (2) un valor de juego de caracteres largo, problemas diferentes del CVE-2008-1189, también se conoce como "The first two issues".

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaw exists in the useEncodingDecl() function used while parsing the xml header character encoding attribute. When a user downloads a malicious JNLP file, the charset value is read into a static buffer. If an overly charset name in the xml header is included, a stack based buffer overflow occurs, resulting in an exploitable condition.

*Credits: Anonymous

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-03-06 CVE Reserved
2008-03-06 CVE Published
2024-08-07 CVE Updated
2024-08-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (34)

URL	Tag	Source
http://secunia.com/advisories/29239	Third Party Advisory
http://secunia.com/advisories/29273	Third Party Advisory
http://secunia.com/advisories/29498	Third Party Advisory
http://secunia.com/advisories/29582	Third Party Advisory
http://secunia.com/advisories/29858	Third Party Advisory
http://secunia.com/advisories/29897	Third Party Advisory
http://secunia.com/advisories/30676	Third Party Advisory
http://secunia.com/advisories/30780	Third Party Advisory
http://secunia.com/advisories/31497	Third Party Advisory
http://secunia.com/advisories/32018	Third Party Advisory
http://support.apple.com/kb/HT3178	Third Party Advisory
http://support.apple.com/kb/HT3179	Third Party Advisory
http://www.securitytracker.com/id?1019549	Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA08-066A.html	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2008-0010.html	Third Party Advisory
http://www.vupen.com/english/advisories/2008/0770/references	Third Party Advisory
http://www.vupen.com/english/advisories/2008/1856/references	Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-009	Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-010	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41029	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41133	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11209	Signature

URL	Date	SRC

URL	Date	SRC
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233323-1	2019-07-31

URL	Date	SRC
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html	2019-07-31
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html	2019-07-31
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html	2019-07-31
http://security.gentoo.org/glsa/glsa-200804-28.xml	2019-07-31
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml	2019-07-31
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml	2019-07-31
http://www.redhat.com/support/errata/RHSA-2008-0186.html	2019-07-31
http://www.redhat.com/support/errata/RHSA-2008-0210.html	2019-07-31
http://www.redhat.com/support/errata/RHSA-2008-0267.html	2019-07-31
https://access.redhat.com/security/cve/CVE-2008-1188	2008-08-13
https://bugzilla.redhat.com/show_bug.cgi?id=436293	2008-08-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		-		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update1		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update10		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update11		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update12		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update13		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update14		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update2		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update3		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update4		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update5		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update6		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update7		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update8		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update9		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0"		-		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0"		update_3		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0"		update_4		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		-		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update1		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update10		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update11		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update12		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update13		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update14		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update2		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update3		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update4		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update5		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update6		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update7		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update8		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update9		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		-		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_1		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_2		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_3		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_4		Affected