Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-5352

Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.

Published

2008-12-05T11:30:00.517

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-189
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application sun jdk ≤ 5.0 Yes
Application sun jdk ≤ 6 Yes
Application sun jdk 5.0 Yes
Application sun jdk 5.0 Yes
Application sun jdk 5.0 Yes
Application sun jdk 5.0 Yes
Application sun jdk 5.0 Yes
Application sun jdk 5.0 Yes
Application sun jdk 5.0 Yes
Application sun jdk 5.0 Yes
Application sun jdk 5.0 Yes
Application sun jdk 6 Yes
Application sun jdk 6 Yes
Application sun jdk 6 Yes
Application sun jdk 6 Yes
Application sun jdk 6 Yes
Application sun jdk 6 Yes
Application sun jdk 6 Yes
Application sun jdk 6 Yes
Application sun jdk 6 Yes
Application sun jre ≤ 5.0 Yes
Application sun jre ≤ 6 Yes
Application sun jre 5.0 Yes
Application sun jre 5.0 Yes
Application sun jre 5.0 Yes
Application sun jre 5.0 Yes
Application sun jre 5.0 Yes
Application sun jre 5.0 Yes
Application sun jre 5.0 Yes
Application sun jre 5.0 Yes
Application sun jre 5.0 Yes
Application sun jre 6 Yes
Application sun jre 6 Yes
Application sun jre 6 Yes
Application sun jre 6 Yes
Application sun jre 6 Yes
Application sun jre 6 Yes
Application sun jre 6 Yes
Application sun jre 6 Yes
Application sun jre 6 Yes
References