CVE-2008-5358

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=758

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html

http://marc.info/?l=bugtraq&m=123678756409861&w=2

http://marc.info/?l=bugtraq&m=126583436323697&w=2

http://osvdb.org/50515

http://rhn.redhat.com/errata/RHSA-2008-1018.html

http://secunia.com/advisories/32991

http://secunia.com/advisories/33015

http://secunia.com/advisories/33187

http://secunia.com/advisories/33709

http://secunia.com/advisories/34233

http://secunia.com/advisories/34259

http://secunia.com/advisories/34447

http://secunia.com/advisories/34605

http://secunia.com/advisories/37386

http://secunia.com/advisories/38539

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1

http://support.avaya.com/elmodocs2/security/ASA-2008-485.htm

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

http://www.redhat.com/support/errata/RHSA-2009-0369.html

http://www.securityfocus.com/bid/32608

http://www.us-cert.gov/cas/techalerts/TA08-340A.html

http://www.vupen.com/english/advisories/2008/3339

http://www.vupen.com/english/advisories/2009/0672

http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf

https://exchange.xforce.ibmcloud.com/vulnerabilities/47049

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6319

Details

Source: MITRE

Published: 2008-12-05

Updated: 2017-09-29

Type: CWE-119

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
89116VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0014) (remote check)NessusMisc.
critical
64828Sun Java JRE Multiple Vulnerabilities (244986 et al) (Unix)NessusMisc.
critical
43143HP-UX PHSS_40375 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 25NessusHP-UX Local Security Checks
critical
43142HP-UX PHSS_40374 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25NessusHP-UX Local Security Checks
critical
42834GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
42179VMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issuesNessusVMware ESX Local Security Checks
high
41526SuSE 10 Security Update : Sun Java 1.4.2 (ZYPP Patch Number 5852)NessusSuSE Local Security Checks
critical
41405SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 736)NessusSuSE Local Security Checks
critical
41263SuSE9 Security Update : Sun Java (YOU Patch Number 12321)NessusSuSE Local Security Checks
critical
40739RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:0369)NessusRed Hat Local Security Checks
critical
40732RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:1025)NessusRed Hat Local Security Checks
critical
40731RHEL 4 / 5 : java-1.6.0-sun (RHSA-2008:1018)NessusRed Hat Local Security Checks
critical
40241openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376)NessusSuSE Local Security Checks
critical
40238openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-578)NessusSuSE Local Security Checks
critical
40235openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)NessusSuSE Local Security Checks
critical
40002openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376)NessusSuSE Local Security Checks
critical
39997openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)NessusSuSE Local Security Checks
critical
37381Ubuntu 8.10 : OpenJDK vulnerabilities (USN-713-1)NessusUbuntu Local Security Checks
critical
37147Fedora 10 : java-1.6.0-openjdk-1.6.0.0-7.b12.fc10 (2008-10913)NessusFedora Local Security Checks
critical
35306openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5876)NessusSuSE Local Security Checks
critical
35305openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5875)NessusSuSE Local Security Checks
critical
35046Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9 (2008-10860)NessusFedora Local Security Checks
critical
35030Sun Java JRE Multiple Vulnerabilities (244986 et al)NessusWindows
high