Vulnerability Details : CVE-2008-5352

Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.

Vulnerability category: Overflow

Published 2008-12-05 11:30:01

Updated 2017-09-29 01:32:36

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-5352

Probability of exploitation activity in the next 30 days: 95.12%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-5352

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-5352

CWE-189

Assigned by: [email protected] (Primary)

References for CVE-2008-5352

Products affected by CVE-2008-5352

SUN » JDK » Update Update 16
Versions up to, including, (<=) 5.0
cpe:2.3:a:sun:jdk:*:update_16:*:*:*:*:*:*
Matching versions
SUN » JDK » Update Update 10
Versions up to, including, (<=) 6
cpe:2.3:a:sun:jdk:*:update_10:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 1
cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6
cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 3
cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 3
cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 1
cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 10
cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 2
cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 13
cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 2
cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 11
cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 12
cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 6
cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 7
cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 8
cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 15
cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 5
cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 4
cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 14
cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
Matching versions
SUN » JRE » Update Update 16
Versions up to, including, (<=) 5.0
cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:*
Matching versions
SUN » JRE » Update Update 10
Versions up to, including, (<=) 6
cpe:2.3:a:sun:jre:*:update_10:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0
cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6
cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 1
cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 1
cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 10
cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 2
cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 3
cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 11
cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 12
cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 13
cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 2
cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 6
cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 7
cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 14
cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 4
cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 5
cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 8
cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 15
cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*
Matching versions