GSD-2008-5353
PUBLISHED
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
Exploit Intelligence
- SSRT090049 (circl)
- SUSE-SA:2009:018 (circl)
- 34259 (circl)
- ADV-2009-0672 (circl)
- RHSA-2008:1018 (circl)
- 33015 (circl)
- http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm (circl)
- 34889 (circl)
- 34233 (circl)
- 1021313 (circl)
…and 42 more exploits
Timeline
- Nov 21, 2007 CVE Published
- Dec 3, 2008 PoC Published
- May 20, 2009 PoC Published
- Sep 20, 2010 PoC Published
- Jan 8, 2011 PoC Published
- May 29, 2018 PoC Published
- Feb 6, 2025 PoC Published
- Feb 13, 2025 PoC Published
- Feb 23, 2025 PoC Published
- Aug 31, 2025 PoC Published
- Aug 31, 2025 PoC Published
- Apr 15, 2026 Security Advisory
References
- SSRT090049 vendor-advisory
- SUSE-SA:2009:018 vendor-advisory
- 34259 third-party-advisory
- ADV-2009-0672 vdb
- RHSA-2008:1018 vendor-advisory
- 33015 third-party-advisory
- http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm url
- 34889 third-party-advisory
- 34233 third-party-advisory
- 1021313 vdb
- http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf url
- http://blog.cr0.org/2009/05/write-once-own-everyone.html url
- SUSE-SA:2009:007 vendor-advisory
- SSRT080111 vendor-advisory
- 38539 third-party-advisory
- http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html url
- 34972 third-party-advisory
- RHSA-2009:0466 vendor-advisory
- SUSE-SR:2009:006 vendor-advisory
- 35065 third-party-advisory
…and 22 more