Sun Java Runtime Environment 'Calendar.readObject' Bug Lets Remote Applets Gain Elevated Privileges

oval:org.mitre.oval:def:6511

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".

Family: unix
Status: ACCEPTED
Platform(s):
  • VMWare ESX Server 3.5
Class: vulnerability
Reference(s):
  • CVE-2008-5353
Product(s):