Executive Summary
Summary | |
---|---|
Title | Sun Alert 238666 A Security Vulnerability with the processing of fonts in the Java Runtime Environment may allow Elevation of Privileges |
Informations | |||
---|---|---|---|
Name | SUN-238666 | First vendor Publication | 2008-07-08 |
Vendor | Sun | Last vendor Modification | 2010-01-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Sun Java Standard Edition (Java SE) A buffer overflow security vulnerability with the processing of fontsin the Java Runtime Environment (JRE) may allow an untrusted applet orapplication to elevate its privileges. For example, an untrusted appletmay grant itself permissions to read and write local files or executelocal applications that are accessible to the user running theuntrusted applet. Sun acknowledges with thanks, John Heasman of NGSSoftware for bringingthis issue to our attention. State: Resolved First released: 08-Jul-2008 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_238666_a_security |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-28 | Name : Java for Mac OS X 10.5 Update 2 File : nvt/macosx_java_for_10_5_upd_2.nasl |
2009-10-13 | Name : SLES10: Security update for Java 1.4.2 File : nvt/sles10_java-1_4_2-sun0.nasl |
2009-10-13 | Name : SLES10: Security update for IBM Java 1.5 File : nvt/sles10_java-1_5_0-ibm3.nasl |
2009-10-10 | Name : SLES9: Security update for Java2 File : nvt/sles9p5033740.nasl |
2009-10-10 | Name : SLES9: Security update for IBM Java5 JRE and IBMJava5 SDK File : nvt/sles9p5034680.nasl |
2009-10-10 | Name : SLES9: Security update for IBM Java 5 File : nvt/sles9p5035420.nasl |
2009-01-23 | Name : SuSE Update for Sun Java security update SUSE-SA:2008:042 File : nvt/gb_suse_2008_042.nasl |
2009-01-23 | Name : SuSE Update for java-1_5_0-ibm,IBMJava5 SUSE-SA:2008:045 File : nvt/gb_suse_2008_045.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
46962 | Sun Java JDK / JRE Font Processing Unspecified Overflow |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-08-16 | IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products Severity : Category I - VMSKEY : V0033662 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-09-13 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_psn_2012_08_689.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host has an application that is affected by multiple vulnerab... File : sun_java_jre_5_16_unix.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host has an application that is affected by multiple vulnerab... File : sun_java_j2se_4_2_18_unix.nasl - Type : ACT_GATHER_INFO |
2009-11-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12206.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0790.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-1043.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-1044.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2008-0016.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_5_0-sun-080715.nasl - Type : ACT_GATHER_INFO |
2008-09-25 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_rel7.nasl - Type : ACT_GATHER_INFO |
2008-09-25 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_10_5_update2.nasl - Type : ACT_GATHER_INFO |
2008-09-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-5591.nasl - Type : ACT_GATHER_INFO |
2008-09-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-5557.nasl - Type : ACT_GATHER_INFO |
2008-08-24 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_4_2-sun-5430.nasl - Type : ACT_GATHER_INFO |
2008-08-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-sun-5431.nasl - Type : ACT_GATHER_INFO |
2008-08-24 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-5434.nasl - Type : ACT_GATHER_INFO |
2008-07-15 | Name : The remote Windows host has an application that is affected by multiple vulne... File : sun_java_jre_5_16.nasl - Type : ACT_GATHER_INFO |
2008-07-15 | Name : The remote Windows host has an application that is affected by multiple vulne... File : sun_java_j2se_4_2_18.nasl - Type : ACT_GATHER_INFO |