CVE-2008-1188

Related Files

VMware Security Advisory 2008-00010

Posted Jun 17, 2008

Authored by VMware | Site vmware.com

VMware Security Advisory - Updated Tomcat and Java JRE packages have been made available for VMWare ESX 3.5. It is not a few updates either. Check out how many CVEs are covered. Judging by the CVE age, their turn around time on patching is quite sad.

tags | advisory, java

advisories | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196, CVE-2008-0657, CVE-2007-5689

SHA-256 | bdca972198318dc99cbe922fcffca76537d29df7f9248d8962802a8c0051113f

Download | Favorite | View

Gentoo Linux Security Advisory 200804-20

Posted Apr 18, 2008

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200804-20 - Multiple vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE). Versions less than 1.6.0.05 are affected.

tags | advisory, java, vulnerability

systems | linux, gentoo

advisories | CVE-2007-2435, CVE-2007-2788, CVE-2007-2789, CVE-2007-3655, CVE-2007-5232, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5273, CVE-2007-5274, CVE-2007-5689, CVE-2008-0628, CVE-2008-0657, CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188

SHA-256 | 336ca6a967f2af444479d95fdc1e2091e65e778a9202ae7f90eb7a6d79f45707

Download | Favorite | View

Zero Day Initiative Advisory 08-010

Posted Mar 13, 2008

Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the useEncodingDecl() function used while parsing the xml header character encoding attribute. When a user downloads a malicious JNLP file, the charset value is read into a static buffer. If an overly charset name in the xml header is included, a stack based buffer overflow occurs, resulting in an exploitable condition.

tags | advisory, java, remote, web, overflow, arbitrary

advisories | CVE-2008-1188

SHA-256 | 923797dc1bf1c25338041d37da3558118c195bfff755e485c7aafb315b2b7007

Download | Favorite | View

Zero Day Initiative Advisory 08-09

Posted Mar 13, 2008

Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the useEncodingDecl() function used while checking xml based JNLP files for UTF8 characters. When a user downloads a malicious JNLP file, the data immediately preceding the opening of the xml tag is read into a static buffer. If an overly long key name in the xml header is included, a stack based buffer overflow occurs, resulting in an exploitable condition.

tags | advisory, java, remote, web, overflow, arbitrary

advisories | CVE-2008-1188

SHA-256 | 0788cf91d1b197ab5c2a1df76061ebfdf6020f10bebd98d45185d72d2d0b1e8d

Download | Favorite | View