NVD脆弱性詳細

CVE-2008-5358

概要	Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.
概要	Java Runtime Environment (JRE) en Sun JDK and JRE v6 Update 10 y anteriores permite a atacantes remotos ejecutar código de su elección mediante un fichero GIF manipulado que provoca una corrupción de memoria durante la visualación de la imagen de bienvenida, posiblemente relacionado con la biblioteca "splashscreen.dll".
公表日	2008年12月5日20:30
登録日	2021年1月29日13:46
最終更新日	2026年4月23日9:35

CVSS2.0 : HIGH
スコア	9.3
ベクター	AV:N/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	はい

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:sun:jdk::update_10::::::*		6
cpe:2.3:a:sun:jdk:6:::::::*
cpe:2.3:a:sun:jdk:6:update_1::::::
cpe:2.3:a:sun:jdk:6:update_2::::::
cpe:2.3:a:sun:jdk:6:update_3::::::
cpe:2.3:a:sun:jdk:6:update_4::::::
cpe:2.3:a:sun:jdk:6:update_5::::::
cpe:2.3:a:sun:jdk:6:update_6::::::
cpe:2.3:a:sun:jdk:6:update_7::::::
cpe:2.3:a:sun:jdk:6:update_8::::::
cpe:2.3:a:sun:jre::update_10::::::*		6
cpe:2.3:a:sun:jre:6:::::::*
cpe:2.3:a:sun:jre:6:update_1::::::
cpe:2.3:a:sun:jre:6:update_2::::::
cpe:2.3:a:sun:jre:6:update_3::::::
cpe:2.3:a:sun:jre:6:update_4::::::
cpe:2.3:a:sun:jre:6:update_5::::::
cpe:2.3:a:sun:jre:6:update_6::::::
cpe:2.3:a:sun:jre:6:update_7::::::
cpe:2.3:a:sun:jre:6:update_8::::::

関連情報、対策とツール

No	URL	refsource
1	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=758	cve@mitre.org
2	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html	cve@mitre.org
3	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html	cve@mitre.org
4	http://marc.info/?l=bugtraq&m=123678756409861&w=2	cve@mitre.org
5	http://marc.info/?l=bugtraq&m=126583436323697&w=2	cve@mitre.org
6	http://osvdb.org/50515	cve@mitre.org
7	http://rhn.redhat.com/errata/RHSA-2008-1018.html	cve@mitre.org
8	http://secunia.com/advisories/32991	cve@mitre.org
9	http://secunia.com/advisories/33015	cve@mitre.org
10	http://secunia.com/advisories/33187	cve@mitre.org
11	http://secunia.com/advisories/33709	cve@mitre.org
12	http://secunia.com/advisories/34233	cve@mitre.org
13	http://secunia.com/advisories/34259	cve@mitre.org
14	http://secunia.com/advisories/34447	cve@mitre.org
15	http://secunia.com/advisories/34605	cve@mitre.org
16	http://secunia.com/advisories/37386	cve@mitre.org
17	http://secunia.com/advisories/38539	cve@mitre.org
18	http://security.gentoo.org/glsa/glsa-200911-02.xml	cve@mitre.org
19	http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1	cve@mitre.org
20	http://support.avaya.com/elmodocs2/security/ASA-2008-485.htm	cve@mitre.org
21	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=	cve@mitre.org
22	http://www.redhat.com/support/errata/RHSA-2009-0369.html	cve@mitre.org
23	http://www.securityfocus.com/bid/32608	cve@mitre.org
24	http://www.us-cert.gov/cas/techalerts/TA08-340A.html	cve@mitre.org
25	http://www.vupen.com/english/advisories/2008/3339	cve@mitre.org
26	http://www.vupen.com/english/advisories/2009/0672	cve@mitre.org
27	http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf	cve@mitre.org
28	https://exchange.xforce.ibmcloud.com/vulnerabilities/47049	cve@mitre.org
29	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6319	cve@mitre.org
30	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=758	af854a3a-2127-422b-91ae-364da2661108
31	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html	af854a3a-2127-422b-91ae-364da2661108
32	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html	af854a3a-2127-422b-91ae-364da2661108
33	http://marc.info/?l=bugtraq&m=123678756409861&w=2	af854a3a-2127-422b-91ae-364da2661108
34	http://marc.info/?l=bugtraq&m=126583436323697&w=2	af854a3a-2127-422b-91ae-364da2661108
35	http://osvdb.org/50515	af854a3a-2127-422b-91ae-364da2661108
36	http://rhn.redhat.com/errata/RHSA-2008-1018.html	af854a3a-2127-422b-91ae-364da2661108
37	http://secunia.com/advisories/32991	af854a3a-2127-422b-91ae-364da2661108
38	http://secunia.com/advisories/33015	af854a3a-2127-422b-91ae-364da2661108
39	http://secunia.com/advisories/33187	af854a3a-2127-422b-91ae-364da2661108
40	http://secunia.com/advisories/33709	af854a3a-2127-422b-91ae-364da2661108
41	http://secunia.com/advisories/34233	af854a3a-2127-422b-91ae-364da2661108
42	http://secunia.com/advisories/34259	af854a3a-2127-422b-91ae-364da2661108
43	http://secunia.com/advisories/34447	af854a3a-2127-422b-91ae-364da2661108
44	http://secunia.com/advisories/34605	af854a3a-2127-422b-91ae-364da2661108
45	http://secunia.com/advisories/37386	af854a3a-2127-422b-91ae-364da2661108
46	http://secunia.com/advisories/38539	af854a3a-2127-422b-91ae-364da2661108
47	http://security.gentoo.org/glsa/glsa-200911-02.xml	af854a3a-2127-422b-91ae-364da2661108
48	http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1	af854a3a-2127-422b-91ae-364da2661108
49	http://support.avaya.com/elmodocs2/security/ASA-2008-485.htm	af854a3a-2127-422b-91ae-364da2661108
50	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=	af854a3a-2127-422b-91ae-364da2661108
51	http://www.redhat.com/support/errata/RHSA-2009-0369.html	af854a3a-2127-422b-91ae-364da2661108
52	http://www.securityfocus.com/bid/32608	af854a3a-2127-422b-91ae-364da2661108
53	http://www.us-cert.gov/cas/techalerts/TA08-340A.html	af854a3a-2127-422b-91ae-364da2661108
54	http://www.vupen.com/english/advisories/2008/3339	af854a3a-2127-422b-91ae-364da2661108
55	http://www.vupen.com/english/advisories/2009/0672	af854a3a-2127-422b-91ae-364da2661108
56	http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf	af854a3a-2127-422b-91ae-364da2661108
57	https://exchange.xforce.ibmcloud.com/vulnerabilities/47049	af854a3a-2127-422b-91ae-364da2661108
58	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6319	af854a3a-2127-422b-91ae-364da2661108

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

構成1	以上	以下	より上	未満
cpe:2.3:a:sun:jdk::update_10::::::*		6
cpe:2.3:a:sun:jdk:6:::::::*
cpe:2.3:a:sun:jdk:6:update_1::::::
cpe:2.3:a:sun:jdk:6:update_2::::::
cpe:2.3:a:sun:jdk:6:update_3::::::
cpe:2.3:a:sun:jdk:6:update_4::::::
cpe:2.3:a:sun:jdk:6:update_5::::::
cpe:2.3:a:sun:jdk:6:update_6::::::
cpe:2.3:a:sun:jdk:6:update_7::::::
cpe:2.3:a:sun:jdk:6:update_8::::::
cpe:2.3:a:sun:jre::update_10::::::*		6
cpe:2.3:a:sun:jre:6:::::::*
cpe:2.3:a:sun:jre:6:update_1::::::
cpe:2.3:a:sun:jre:6:update_2::::::
cpe:2.3:a:sun:jre:6:update_3::::::
cpe:2.3:a:sun:jre:6:update_4::::::
cpe:2.3:a:sun:jre:6:update_5::::::
cpe:2.3:a:sun:jre:6:update_6::::::
cpe:2.3:a:sun:jre:6:update_7::::::
cpe:2.3:a:sun:jre:6:update_8::::::