CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile: 97.3%
Added: 02/26/2009
CVE: CVE-2008-5354
BID: 32608
OSVDB: 50499
Java Runtime Environment (JRE) allows end users to run Java applications.
A buffer overflow vulnerability in JRE allows command execution when a user opens a JAR archive containing a manifest file with a specially crafted Main-Class entry.
Apply the patch referenced in Sun document 244990.
<http://www.us-cert.gov/cas/techalerts/TA08-340A.html>
Exploit works on Java Runtime Environment 1.6 Update 10 and requires a user to open the exploit file.
Execution of this exploit requires the Digest::CRC Perl module. On Linux systems this is typically found in a package with a name such as libdigest-crc-perl or perl-Digest-CRC.
Windows 2000
Windows XP