Vulnerability

Sun Java Runtime Environment and Java Development Kit Security Vulnerability

Publish date: July 21, 2015

CVE-2008-5353

SEVERITY

CRITICAL

//  ADVISORY DATE

21 JUL 2015


DESCRIPTION

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".

TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

SOLUTION

Trend Micro Deep Security DPI Rule Number: 1004870

Trend Micro Deep Security DPI Rule Name: 1004870 - Identified Suspicious Jar File

AFFECTED SOFTWARE AND VERSION

  • sun jdk 5.0
  • sun jdk 6
  • sun jre 1.4.2_1
  • sun jre 1.4.2_10
  • sun jre 1.4.2_11
  • sun jre 1.4.2_12
  • sun jre 1.4.2_13
  • sun jre 1.4.2_14
  • sun jre 1.4.2_15
  • sun jre 1.4.2_16
  • sun jre 1.4.2_17
  • sun jre 1.4.2_18
  • sun jre 1.4.2_2
  • sun jre 1.4.2_3
  • sun jre 1.4.2_4
  • sun jre 1.4.2_5
  • sun jre 1.4.2_6
  • sun jre 1.4.2_7
  • sun jre 1.4.2_8
  • sun jre 1.4.2_9
  • sun jre 5.0
  • sun jre 6
  • sun sdk 1.4.2_1
  • sun sdk 1.4.2_10
  • sun sdk 1.4.2_11
  • sun sdk 1.4.2_12
  • sun sdk 1.4.2_13
  • sun sdk 1.4.2_14
  • sun sdk 1.4.2_15
  • sun sdk 1.4.2_16
  • sun sdk 1.4.2_17
  • sun sdk 1.4.2_18
  • sun sdk 1.4.2_2
  • sun sdk 1.4.2_3
  • sun sdk 1.4.2_4
  • sun sdk 1.4.2_5
  • sun sdk 1.4.2_6
  • sun sdk 1.4.2_7
  • sun sdk 1.4.2_8
  • sun sdk 1.4.2_9

Featured Stories

Connect with us on