CVE-2008-3111
Sun Java Web Start vm args Stack-Based Buffer Overflow Vulnerability
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.
Múltiples desbordamientos de búfer en Sun Java Web Start en JDK y JRE versión 6 anterior a la Actualización 4, JDK y JRE versión 5.0 anterior a la Actualización 16, y SDK y JRE versión 1.4.x anterior a 1.4.2_18, permiten a los atacantes dependiendo del contexto obtener privilegios por medio de una aplicación no confiable, como se ha demostrado por (a) una aplicación que otorga privilegios para sí mismo (1) leer archivos locales, (2) escribir en archivos locales, o (3) ejecutar programas locales; y como lo demuestra por (b) un valor largo asociado con un atributo java-vm-args en una etiqueta j2se en un archivo JNLP, que activa un desbordamiento del búfer en la región stack de la memoria en la función GetVMArgsOption; también se conoce como CR 6557220.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaw exists in the GetVMArgsOption() function used while parsing the java-vm-args attribute of the j2se tag in xml based JNLP files. When a user downloads a malicious JNLP file, the vulnerable attribute is read into a static buffer. If an overly long value is defined by the java-vm-args attribute, a stack based buffer overflow occurs, resulting in an exploitable condition.
*Credits:
Anonymous
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-07-09 CVE Reserved
- 2008-07-09 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (34)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=122331139823057&w=2 | Mailing List | |
| http://secunia.com/advisories/31736 | Third Party Advisory | |
| http://support.apple.com/kb/HT3178 | X_refsource_confirm |
|
| http://support.apple.com/kb/HT3179 | X_refsource_confirm |
|
| http://www.securityfocus.com/archive/1/494505/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/497041/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/30148 | Vdb Entry | |
| http://www.securitytracker.com/id?1020452 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA08-193A.html | Third Party Advisory | |
| http://www.vmware.com/security/advisories/VMSA-2008-0016.html | X_refsource_confirm | |
| http://www.zerodayinitiative.com/advisories/ZDI-08-043 | X_refsource_misc |
|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43664 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_1 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_10 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_11 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_12 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_13 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_14 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_15 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_2 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_3 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_4 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_5 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_6 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_7 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_8 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_9 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 6 Search vendor "Sun" for product "Jdk" and version "6" | update_1 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 6 Search vendor "Sun" for product "Jdk" and version "6" | update_2 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 6 Search vendor "Sun" for product "Jdk" and version "6" | update_3 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4 Search vendor "Sun" for product "Jre" and version "1.4" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_01 Search vendor "Sun" for product "Jre" and version "1.4.2_01" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_02 Search vendor "Sun" for product "Jre" and version "1.4.2_02" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_03 Search vendor "Sun" for product "Jre" and version "1.4.2_03" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_04 Search vendor "Sun" for product "Jre" and version "1.4.2_04" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_05 Search vendor "Sun" for product "Jre" and version "1.4.2_05" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_06 Search vendor "Sun" for product "Jre" and version "1.4.2_06" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_07 Search vendor "Sun" for product "Jre" and version "1.4.2_07" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_8 Search vendor "Sun" for product "Jre" and version "1.4.2_8" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_9 Search vendor "Sun" for product "Jre" and version "1.4.2_9" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_10 Search vendor "Sun" for product "Jre" and version "1.4.2_10" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_11 Search vendor "Sun" for product "Jre" and version "1.4.2_11" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_12 Search vendor "Sun" for product "Jre" and version "1.4.2_12" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_13 Search vendor "Sun" for product "Jre" and version "1.4.2_13" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_14 Search vendor "Sun" for product "Jre" and version "1.4.2_14" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_15 Search vendor "Sun" for product "Jre" and version "1.4.2_15" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_16 Search vendor "Sun" for product "Jre" and version "1.4.2_16" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_17 Search vendor "Sun" for product "Jre" and version "1.4.2_17" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_1 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_10 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_11 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_12 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_13 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_14 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_15 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_2 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_3 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_4 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_5 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_6 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_7 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_8 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_9 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 6 Search vendor "Sun" for product "Jre" and version "6" | update_1 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 6 Search vendor "Sun" for product "Jre" and version "6" | update_2 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 6 Search vendor "Sun" for product "Jre" and version "6" | update_3 |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4 Search vendor "Sun" for product "Sdk" and version "1.4" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2 Search vendor "Sun" for product "Sdk" and version "1.4.2" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_01 Search vendor "Sun" for product "Sdk" and version "1.4.2_01" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_02 Search vendor "Sun" for product "Sdk" and version "1.4.2_02" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_03 Search vendor "Sun" for product "Sdk" and version "1.4.2_03" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_04 Search vendor "Sun" for product "Sdk" and version "1.4.2_04" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_05 Search vendor "Sun" for product "Sdk" and version "1.4.2_05" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_06 Search vendor "Sun" for product "Sdk" and version "1.4.2_06" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_07 Search vendor "Sun" for product "Sdk" and version "1.4.2_07" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_08 Search vendor "Sun" for product "Sdk" and version "1.4.2_08" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_09 Search vendor "Sun" for product "Sdk" and version "1.4.2_09" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_10 Search vendor "Sun" for product "Sdk" and version "1.4.2_10" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_11 Search vendor "Sun" for product "Sdk" and version "1.4.2_11" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_12 Search vendor "Sun" for product "Sdk" and version "1.4.2_12" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_13 Search vendor "Sun" for product "Sdk" and version "1.4.2_13" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_14 Search vendor "Sun" for product "Sdk" and version "1.4.2_14" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_15 Search vendor "Sun" for product "Sdk" and version "1.4.2_15" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_16 Search vendor "Sun" for product "Sdk" and version "1.4.2_16" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_17 Search vendor "Sun" for product "Sdk" and version "1.4.2_17" | - |
Affected
| ||||||