CVE-2008-5358

Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=758
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html
http://marc.info/?l=bugtraq&m=123678756409861&w=2
http://marc.info/?l=bugtraq&m=123678756409861&w=2
http://marc.info/?l=bugtraq&m=126583436323697&w=2
http://marc.info/?l=bugtraq&m=126583436323697&w=2
http://osvdb.org/50515
http://rhn.redhat.com/errata/RHSA-2008-1018.html
http://secunia.com/advisories/32991
http://secunia.com/advisories/33015
http://secunia.com/advisories/33187
http://secunia.com/advisories/33709
http://secunia.com/advisories/34233
http://secunia.com/advisories/34259
http://secunia.com/advisories/34447
http://secunia.com/advisories/34605
http://secunia.com/advisories/37386
http://secunia.com/advisories/38539
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1	Patch Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-485.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=
http://www.redhat.com/support/errata/RHSA-2009-0369.html
http://www.securityfocus.com/bid/32608
http://www.us-cert.gov/cas/techalerts/TA08-340A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/3339
http://www.vupen.com/english/advisories/2009/0672
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47049
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6319
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=758
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html
http://marc.info/?l=bugtraq&m=123678756409861&w=2
http://marc.info/?l=bugtraq&m=123678756409861&w=2
http://marc.info/?l=bugtraq&m=126583436323697&w=2
http://marc.info/?l=bugtraq&m=126583436323697&w=2
http://osvdb.org/50515
http://rhn.redhat.com/errata/RHSA-2008-1018.html
http://secunia.com/advisories/32991
http://secunia.com/advisories/33015
http://secunia.com/advisories/33187
http://secunia.com/advisories/33709
http://secunia.com/advisories/34233
http://secunia.com/advisories/34259
http://secunia.com/advisories/34447
http://secunia.com/advisories/34605
http://secunia.com/advisories/37386
http://secunia.com/advisories/38539
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1	Patch Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-485.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=
http://www.redhat.com/support/errata/RHSA-2009-0369.html
http://www.securityfocus.com/bid/32608
http://www.us-cert.gov/cas/techalerts/TA08-340A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/3339
http://www.vupen.com/english/advisories/2009/0672
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47049
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6319

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sun:jdk::update_10::::::*
	cpe:2.3:a:sun:jdk:6:::::::*
	cpe:2.3:a:sun:jdk:6:update_1::::::
	cpe:2.3:a:sun:jdk:6:update_2::::::
	cpe:2.3:a:sun:jdk:6:update_3::::::
	cpe:2.3:a:sun:jdk:6:update_4::::::
	cpe:2.3:a:sun:jdk:6:update_5::::::
	cpe:2.3:a:sun:jdk:6:update_6::::::
	cpe:2.3:a:sun:jdk:6:update_7::::::
	cpe:2.3:a:sun:jdk:6:update_8::::::
	cpe:2.3:a:sun:jre::update_10::::::*
	cpe:2.3:a:sun:jre:6:::::::*
	cpe:2.3:a:sun:jre:6:update_1::::::
	cpe:2.3:a:sun:jre:6:update_2::::::
	cpe:2.3:a:sun:jre:6:update_3::::::
	cpe:2.3:a:sun:jre:6:update_4::::::
	cpe:2.3:a:sun:jre:6:update_5::::::
	cpe:2.3:a:sun:jre:6:update_6::::::
	cpe:2.3:a:sun:jre:6:update_7::::::
	cpe:2.3:a:sun:jre:6:update_8::::::

History

21 Nov 2024, 00:53

Information

Published : 2008-12-05 11:30

Updated : 2025-04-09 00:30

NVD link : CVE-2008-5358

Mitre link : CVE-2008-5358

CVE.ORG link : CVE-2008-5358

JSON object : View

Products Affected

sun

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2008-5358", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-12-05T11:30:00.627", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=758", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=123678756409861&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=123678756409861&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=126583436323697&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=126583436323697&w=2", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/50515", "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2008-1018.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32991", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/33015", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/33187", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/33709", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/34233", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/34259", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/34447", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/34605", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/37386", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/38539", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml", "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-485.htm", "source": "cve@mitre.org"}, {"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-0369.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32608", "source": "cve@mitre.org"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-340A.html", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/3339", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/0672", "source": "cve@mitre.org"}, {"url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47049", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6319", "source": "cve@mitre.org"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=758", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=123678756409861&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=123678756409861&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=126583436323697&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=126583436323697&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/50515", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2008-1018.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/32991", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/33015", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/33187", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/33709", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/34233", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/34259", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/34447", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/34605", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/37386", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/38539", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-485.htm", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-0369.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/32608", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-340A.html", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/3339", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/0672", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47049", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6319", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll."}, {"lang": "es", "value": "Java Runtime Environment (JRE) en Sun JDK and JRE v6 Update 10 y anteriores permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero GIF manipulado que provoca una corrupci\u00f3n de memoria durante la visualaci\u00f3n de la imagen de bienvenida, posiblemente relacionado con la biblioteca \"splashscreen.dll\"."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sun:jdk:*:update_10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F52DFA7-EEC1-4B8C-9ADA-0DA3D81E2F8E", "versionEndIncluding": "6"}, {"criteria": "cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1264A513-5AE3-4F0E-8387-1F75EBAEA241"}, {"criteria": "cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C9F6EA8-6A88-4485-89A3-0FDF84AB51DA"}, {"criteria": "cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67E0818A-3675-4293-89FE-5001E36C0F38"}, {"criteria": "cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95112B98-B6B2-43FA-BF76-F518649CF3BE"}, {"criteria": "cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A18341A-3688-48E7-95AD-283EC9C95B4A"}, {"criteria": "cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E301C59A-47F5-4861-9091-D0002CBA5B7A"}, {"criteria": "cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCD4F889-710C-43C5-85DD-70E96F8FE313"}, {"criteria": "cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED195051-AAC7-4EE1-B936-18D1C8AD2498"}, {"criteria": "cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44146DF6-F368-4F17-B379-34194873D80F"}, {"criteria": "cpe:2.3:a:sun:jre:*:update_10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFC680FA-7FCA-4345-8492-F16C86151DF8", "versionEndIncluding": "6"}, {"criteria": "cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C502FE9-F61F-4316-AA33-B09FA8BA54DF"}, {"criteria": "cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F98D2BD-2AC1-4C4C-8A10-71093DCBC4E5"}, {"criteria": "cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDC09958-5286-4C16-AB6F-63B4BDD902B3"}, {"criteria": "cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDE1E9E9-85EF-4ACA-902B-00225EB4324F"}, {"criteria": "cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0CDBFCB-42EA-4F19-A98D-7696B0D526CB"}, {"criteria": "cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53DCFF2A-77A7-41DB-A712-9B6D1FD2574A"}, {"criteria": "cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82C6F76F-68FD-4794-9182-935D85910C1F"}, {"criteria": "cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6314C9DF-9421-445D-ABCC-79EDCED23156"}, {"criteria": "cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "533670FA-B8DC-40B4-ADC1-CCD70E4A43A1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

9.3 /10