Strix
26.1K

CVE-2008-3111

UnknownEPSS 4.27%

Last modified

CVE-2008-3111 is a vulnerability of currently unknown severity. Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.. EPSS estimates a 4.27% chance of exploitation in the next 30 days.

Description

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.

Metrics

EPSS Probability
4.27%

89.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
SunJdk5.0Update 1
SunJdk6Update 1
SunJre1.4
SunJre1.4.2_01
SunJre1.4.2_02
SunJre1.4.2_03
SunJre1.4.2_04
SunJre1.4.2_05
SunJre1.4.2_06
SunJre1.4.2_07
SunJre1.4.2_8
SunJre1.4.2_9
SunJre1.4.2_10
SunJre1.4.2_11
SunJre1.4.2_12
SunJre1.4.2_13
SunJre1.4.2_14
SunJre1.4.2_15
SunJre1.4.2_16
SunJre1.4.2_17
SunJre5.0Update 1
SunJre6Update 1
SunSdk1.4
SunSdk1.4.2
SunSdk1.4.2_01
SunSdk1.4.2_02
SunSdk1.4.2_03
SunSdk1.4.2_04
SunSdk1.4.2_05
SunSdk1.4.2_06
SunSdk1.4.2_07
SunSdk1.4.2_08
SunSdk1.4.2_09
SunSdk1.4.2_10
SunSdk1.4.2_11
SunSdk1.4.2_12
SunSdk1.4.2_13
SunSdk1.4.2_14
SunSdk1.4.2_15
SunSdk1.4.2_16
SunSdk1.4.2_17

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2008-3111?
Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.
How severe is CVE-2008-3111?
Severity scoring for CVE-2008-3111 is pending analysis. The EPSS model estimates a 4.27% probability of exploitation in the next 30 days.
How do I fix CVE-2008-3111?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2008-3111?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST