Vigil@nce: Java JDK/JRE/SDK, several vulnerabilities
July 2008 by Vigil@nce
Several vulnerabilities were announced in Java JDK/JRE/SDK.
– Gravity: 4/4
– Consequences: user access/rights, data reading, data creation/edition
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 09/07/2008
– Identifier: VIGILANCE-VUL-7943
IMPACTED PRODUCTS
– Fedora [confidential versions]
– Java JRE/JDK [confidential versions]
– Java JRE/JDK/J2SE [confidential versions]
– Java JRE/SDK [confidential versions]
– Java JRE/SDK/J2SE [confidential versions]
DESCRIPTION
Several vulnerabilities were announced in Java JDK/JRE/SDK.
An attacker can use XML data to access some resources.
[grav:1/4; 238628, 6542088, 6607339]
A malicious applet/application can use a character font to execute
code on the system. [grav:4/4; 238666, 6450319]
A malicious applet/application can use the script language to
execute code on the system. [grav:4/4; 238687, 6529568, 6529579]
Several vulnerabilities in Java Web Start can be used by an
attacker to execute code, to access files or to obtain
information. [grav:3/4; 238905, 6557220, 6703909, 6704074, 6704077]
A JMX (Java Management Extensions) client can perform unauthorized
operations when local monitoring (sun.management.JMXConnectorServer.address)
is enabled. [grav:2/4; 238965, 6332953]
Since version JRE 5.0 Update 6, an applet always runs on the latest
JRE version. However, if an old version is installed, this
potentially vulnerable version is used. [grav:1/4; 238966, 6581221]
A malicious applet/application can execute code on the system.
[grav:4/4; 238967, 6661918]
A malicious Java applet can open a TCP/UDP socket connection to a
chosen IP address. [grav:2/4; 238968, 6687392]
CHARACTERISTICS
– Identifiers: 238628, 238666, 238687, 238905, 238965, 238966,
238967, 238968, 6332953, 6450319, 6529568, 6529579, 6542088,
6557220, 6581221, 6607339, 6661918, 6687392, 6703909, 6704074,
6704077, FEDORA-2008-6271, VIGILANCE-VUL-7943
– Url: https://vigilance.aql.fr/tree/1/7943