1. Home
  2. CVE Database
  3. CVE-2008-1188
HIGH · 9.3

CVE-2008-1188

Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code v...

Vulnerability Description

Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
SunJdk1.5.0
SunJre1.5.0

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2008-1188?

CVE-2008-1188 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code v...

How severe is CVE-2008-1188?

CVE-2008-1188 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-1188?

Check the references section above for vendor advisories and patch information. Affected products include: Sun Jdk, Sun Jre.