CVE-2008-1188

Name: CVE-2008-1188
Creator: NVD / NIST
Published: 2008-03-06T21:44:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 12.48%

Last modified Jun 16, 2026

CVE-2008-1188 is a vulnerability of currently unknown severity. Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues.". EPSS estimates a 12.48% chance of exploitation in the next 30 days.

Description

Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."

Metrics

EPSS Probability

12.48%

95.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Sun	Jdk	1.5.0
Sun	Jdk	1.6.0
Sun	Jre	1.5.0
Sun	Jre	1.6.0

References

http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.htmlMailing List, Third Party Advisory
http://secunia.com/advisories/29239Third Party Advisory
http://secunia.com/advisories/29273Third Party Advisory
http://secunia.com/advisories/29498Third Party Advisory
http://secunia.com/advisories/29582Third Party Advisory
http://secunia.com/advisories/29858Third Party Advisory
http://secunia.com/advisories/29897Third Party Advisory
http://secunia.com/advisories/30676Third Party Advisory
http://secunia.com/advisories/30780Third Party Advisory
http://secunia.com/advisories/31497Third Party Advisory
http://secunia.com/advisories/32018Third Party Advisory
http://security.gentoo.org/glsa/glsa-200804-28.xmlThird Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233323-1Patch, Third Party Advisory
http://support.apple.com/kb/HT3178Third Party Advisory
http://support.apple.com/kb/HT3179Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xmlThird Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0186.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0210.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0267.htmlThird Party Advisory
http://www.securitytracker.com/id?1019549Third Party Advisory, VDB Entry
http://www.us-cert.gov/cas/techalerts/TA08-066A.htmlThird Party Advisory, US Government Resource
http://www.vmware.com/security/advisories/VMSA-2008-0010.htmlThird Party Advisory
http://www.vupen.com/english/advisories/2008/0770/referencesThird Party Advisory
http://www.vupen.com/english/advisories/2008/1856/referencesThird Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-009/Third Party Advisory, VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-08-010/Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/41029Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/41133Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11209Third Party Advisory
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.htmlMailing List, Third Party Advisory
http://secunia.com/advisories/29239Third Party Advisory
http://secunia.com/advisories/29273Third Party Advisory
http://secunia.com/advisories/29498Third Party Advisory
http://secunia.com/advisories/29582Third Party Advisory
http://secunia.com/advisories/29858Third Party Advisory
http://secunia.com/advisories/29897Third Party Advisory
http://secunia.com/advisories/30676Third Party Advisory
http://secunia.com/advisories/30780Third Party Advisory
http://secunia.com/advisories/31497Third Party Advisory
http://secunia.com/advisories/32018Third Party Advisory
http://security.gentoo.org/glsa/glsa-200804-28.xmlThird Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233323-1Patch, Third Party Advisory
http://support.apple.com/kb/HT3178Third Party Advisory
http://support.apple.com/kb/HT3179Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xmlThird Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0186.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0210.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0267.htmlThird Party Advisory
http://www.securitytracker.com/id?1019549Third Party Advisory, VDB Entry
http://www.us-cert.gov/cas/techalerts/TA08-066A.htmlThird Party Advisory, US Government Resource
http://www.vmware.com/security/advisories/VMSA-2008-0010.htmlThird Party Advisory
http://www.vupen.com/english/advisories/2008/0770/referencesThird Party Advisory
http://www.vupen.com/english/advisories/2008/1856/referencesThird Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-009/Third Party Advisory, VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-08-010/Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/41029Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/41133Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11209Third Party Advisory

Timeline

Published: Mar 6, 2008
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2008-1188?

How severe is CVE-2008-1188?

Severity scoring for CVE-2008-1188 is pending analysis. The EPSS model estimates a 12.48% probability of exploitation in the next 30 days.

How do I fix CVE-2008-1188?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2008-1188?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST