CVE-2008-5353

From Botnets.fr
Revision as of 14:47, 19 July 2015 by Eric.freyssinet (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

MITRE CVE Reference: CVE-2008-5353
Description: The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".

Usage

Targetted asset: Java

Exploit kits using this vulnerability/ Exploit kits utilisant cette vulnérabilité:

Botnets using this vulnerability to function/propagate:

  • Botnets:

Campaigns using this vulnerability:

  • Campaigns:

Packages includingthis vulnerability:

  • Packages:

Publications

MITRE CVE LICENSE: The MITRE Corporation (MITRE) hereby grants you a non-exclusive, royalty-free license to use Common Vulnerabilities and Exposures (CVE®) for research, development, and commercial purposes. Any copy you make for such purposes is authorized provided that you reproduce MITRE’s copyright designation and this license in any such copy. MITRE CVE®, TERMS OF USE: [1]

Retrieved from "https://www.botnets.fr/index.php?title=CVE-2008-5353&oldid=4076"