CVE-2008-1193

Sun Java Runtime Environment 1.x - Image Parsing Heap Buffer Overflow

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.

Vulnerabilidad sin especificar en Java Runtime Environment Image Parsing Library de Sun JDK y JRE 6 Actualización 4 y anteriores, y 5.0 Actualización 14 y anteriores, permite a atacantes remotos obtener privilegios a través de una aplicación no confiable.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-03-06 CVE Reserved
2008-03-06 CVE Published
2008-03-06 First Exploit
2024-08-07 CVE Updated
2024-08-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (39)

URL	Tag	Source
http://secunia.com/advisories/29239	Third Party Advisory
http://secunia.com/advisories/29273	Third Party Advisory
http://secunia.com/advisories/29498	Third Party Advisory
http://secunia.com/advisories/29582	Third Party Advisory
http://secunia.com/advisories/29841	Third Party Advisory
http://secunia.com/advisories/29858	Third Party Advisory
http://secunia.com/advisories/29897	Third Party Advisory
http://secunia.com/advisories/30003	Third Party Advisory
http://secunia.com/advisories/30676	Third Party Advisory
http://secunia.com/advisories/30780	Third Party Advisory
http://secunia.com/advisories/31497	Third Party Advisory
http://secunia.com/advisories/32018	Third Party Advisory
http://support.apple.com/kb/HT3178	Third Party Advisory
http://support.apple.com/kb/HT3179	Third Party Advisory
http://www.securityfocus.com/bid/28125	Third Party Advisory
http://www.securitytracker.com/id?1019551	Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA08-066A.html	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2008-0010.html	Third Party Advisory
http://www.vupen.com/english/advisories/2008/0770/references	Third Party Advisory
http://www.vupen.com/english/advisories/2008/1252	Third Party Advisory
http://www.vupen.com/english/advisories/2008/1856/references	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41028	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11409	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/31343	2008-03-06

URL	Date	SRC
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233325-1	2019-07-31

URL	Date	SRC
http://dev2dev.bea.com/pub/advisory/277	2019-07-31
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html	2019-07-31
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html	2019-07-31
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html	2019-07-31
http://security.gentoo.org/glsa/glsa-200804-28.xml	2019-07-31
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml	2019-07-31
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml	2019-07-31
http://www.redhat.com/support/errata/RHSA-2008-0186.html	2019-07-31
http://www.redhat.com/support/errata/RHSA-2008-0210.html	2019-07-31
http://www.redhat.com/support/errata/RHSA-2008-0244.html	2019-07-31
http://www.redhat.com/support/errata/RHSA-2008-0245.html	2019-07-31
http://www.redhat.com/support/errata/RHSA-2008-0267.html	2019-07-31
https://access.redhat.com/security/cve/CVE-2008-1193	2008-08-13
https://bugzilla.redhat.com/show_bug.cgi?id=436296	2008-08-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		-		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update1		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update10		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update11		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update12		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update13		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update14		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update2		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update3		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update4		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update5		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update6		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update7		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update8		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update9		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0"		-		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0"		update_3		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0"		update_4		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		-		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update1		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update10		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update11		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update12		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update13		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update14		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update2		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update3		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update4		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update5		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update6		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update7		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update8		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update9		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		-		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_1		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_2		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_3		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_4		Affected