Sun Java JRE Multiple Vulnerabilities (233321-233327)

This script is Copyright (C) 2008-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by
multiple vulnerabilities.

Description :

The version of Sun Java Runtime Environment (JRE) installed on the
remote host is affected by one or more security issues :

- Two vulnerabilities in the JRE VM may independently allow
an untrusted application or applet downloaded from a
website to elevate its privileges (233321).

- When processing XSLT transformations, an untrusted
application or applet downloaded from a website may
be able to elevate its privileges or cause the JRE to
crash (233322).

- Three buffer overflows exist in Java Web Start (233323).

- A vulnerability in the Java Plug-in may allow an applet
downloaded from a website to bypass the same origin policy
and execute local applications (233324).

- Multiple vulnerabilities in the JRE Image Processing
library may allow an untrusted application or applet
to elevate its privileges or cause the JRE to crash
(233325).

- A vulnerability in the JRE may allow untrusted
JavaScript code to elevate its privileges through
Java APIs (233326).

- An as-yet unspecified buffer overflow exists in Java
Web Start (233327).

See also :

http://download.oracle.com/sunalerts/1019016.1.html
http://download.oracle.com/sunalerts/1019017.1.html
http://download.oracle.com/sunalerts/1019018.1.html
http://download.oracle.com/sunalerts/1019020.1.html
http://download.oracle.com/sunalerts/1019021.1.html

Solution :

Upgrade to Sun JDK and JRE 6 Update 5 / JDK and JRE 5.0 Update 15 /
SDK and JRE 1.4.2_17 or later and remove, if necessary, any other
affected versions.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 31356

Bugtraq ID: 28083, 28125

CVE ID: CVE-2008-1193
