| Name | Java.Deserializing.Calendar.Privilege.Elevation |
| Last Updated Date | Jul 23, 2009 |
| Release Date | May 29, 2009 |
| Severity | Critical |
| Impact | Privilege escalation: Remote attackers can escalate their privileges on vulnerable systems. |
| Description | This indicates an attack attempt against a privilege-escalation vulnerability in the Java Runtime Environment (JRE). The vulnerability is caused by an error in the way the affected software handles the deserialization of calendar objects. It allows a remote attacker to escalate privileges, gaining the ability to read, write and run local files or applications. |
| Affected Products | JRE for Sun: JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; JRE 1.4.2_18 and earlier |
| Recommended Actions | Apply the latest update from the vendor: http://sunsolve.sun.com/search/document.do?assetkey=1-66-244991-1 |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5353 |
| Reference/s | http://www.securityfocus.com/bid/32608 (BugTraq); http://sunsolve.sun.com/search/document.do?assetkey=1-66-244991-1; http://www.us-cert.gov/cas/techalerts/TA08-340A.html |