CVE-2008-1194

JRE image parsing library allows privilege escalation (CVE-2008-1194)

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.

Múltiples vulnerabilidades sin especificar en la librería de gestión del color en Sun JDK y JRE 6 Actualización 4 y anteriores, y 5.0 Actualización 14 y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores desconocidos.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-03-06 CVE Reserved
2008-03-06 CVE Published
2024-08-07 CVE Updated
2024-08-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (36)

URL	Tag	Source
http://secunia.com/advisories/29239	Third Party Advisory
http://secunia.com/advisories/29273	Third Party Advisory
http://secunia.com/advisories/29498	Third Party Advisory
http://secunia.com/advisories/29582	Third Party Advisory
http://secunia.com/advisories/29858	Third Party Advisory
http://secunia.com/advisories/29897	Third Party Advisory
http://secunia.com/advisories/30003	Third Party Advisory
http://secunia.com/advisories/30676	Third Party Advisory
http://secunia.com/advisories/30780	Third Party Advisory
http://secunia.com/advisories/31497	Third Party Advisory
http://secunia.com/advisories/32018	Third Party Advisory
http://support.apple.com/kb/HT3178	Third Party Advisory
http://support.apple.com/kb/HT3179	Third Party Advisory
http://www.securitytracker.com/id?1019551	Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA08-066A.html	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2008-0010.html	Third Party Advisory
http://www.vupen.com/english/advisories/2008/0770/references	Third Party Advisory
http://www.vupen.com/english/advisories/2008/1252	Third Party Advisory
http://www.vupen.com/english/advisories/2008/1856/references	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41132	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9542	Signature

URL	Date	SRC

URL	Date	SRC
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233325-1	2019-07-31

URL	Date	SRC
http://dev2dev.bea.com/pub/advisory/277	2019-07-31
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html	2019-07-31
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html	2019-07-31
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html	2019-07-31
http://security.gentoo.org/glsa/glsa-200804-28.xml	2019-07-31
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml	2019-07-31
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml	2019-07-31
http://www.redhat.com/support/errata/RHSA-2008-0186.html	2019-07-31
http://www.redhat.com/support/errata/RHSA-2008-0210.html	2019-07-31
http://www.redhat.com/support/errata/RHSA-2008-0244.html	2019-07-31
http://www.redhat.com/support/errata/RHSA-2008-0245.html	2019-07-31
http://www.redhat.com/support/errata/RHSA-2008-0267.html	2019-07-31
https://access.redhat.com/security/cve/CVE-2008-1194	2008-08-13
https://bugzilla.redhat.com/show_bug.cgi?id=436296	2008-08-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		-		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update1		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update10		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update11		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update12		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update13		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update14		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update2		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update3		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update4		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update5		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update6		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update7		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update8		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0"		update9		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0"		-		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0"		update_3		Affected
Sun Search vendor "Sun"		Jdk Search vendor "Sun" for product "Jdk"				1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0"		update_4		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		-		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update1		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update10		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update11		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update12		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update13		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update14		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update2		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update3		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update4		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update5		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update6		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update7		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update8		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update9		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		-		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_1		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_2		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_3		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_4		Affected