Vulnerability Name:

CVE-2008-5662 (CCN-47376)

Assigned:2008-12-15
Published:2008-12-15
Updated:2017-08-08
Summary:Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC 2.5.2 and earlier allow downloaded programs to execute arbitrary code via unknown vectors.
Per http://sunsolve.sun.com/search/document.do?assetkey=1-26-247566-1

These issues are addressed in the following releases:

* Sun Java Wireless Toolkit for CLDC 2.5.2_01 or later

Sun Java Wireless Toolkit for CLDC is available at:

* http://java.sun.com/products/sjwtoolkit/
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-5662

Source: CCN
Type: Sun Web site
Sun Java Wireless Toolkit for CLDC

Source: CCN
Type: SA33159
Sun Java Wireless Toolkit for CLDC Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
33159

Source: CCN
Type: SECTRACK ID: 1021414
Sun Java Wireless Toolkit Buffer Overflows Let Remote Users Execute Arbitrary Code

Source: SUNALERT
Type: Patch, Vendor Advisory
247566

Source: CCN
Type: Sun Alert ID: 247566
Buffer Overflow Vulnerabilities in Sun Java Wireless Toolkit for CLDC may Allow an Application to Escalate Privileges

Source: SUNALERT
Type: UNKNOWN
1019851

Source: CCN
Type: OSVDB ID: 50938
Sun Java Wireless Toolkit (WTK) for CLDC Multiple Unspecified Overflows

Source: BID
Type: UNKNOWN
32862

Source: CCN
Type: BID-32862
Sun Java Wireless Toolkit Unspecified Remote Stack Based Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021414

Source: VUPEN
Type: UNKNOWN
ADV-2008-3439

Source: XF
Type: UNKNOWN
sun-java-wtk-unspecified-bo(47376)

Source: XF
Type: UNKNOWN
sun-java-wtk-unspecified-bo(47376)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sun:java_wireless_toolkit_for_cldc:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_wireless_toolkit_for_cldc:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_wireless_toolkit_for_cldc:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_wireless_toolkit_for_cldc:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_wireless_toolkit_for_cldc:*:*:*:*:*:*:*:* (Version <= 2.5.2)

    • Configuration CCN 1:
  • cpe:/a:sun:java_wireless_toolkit_for_cldc:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_wireless_toolkit_for_cldc:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_wireless_toolkit_for_cldc:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_wireless_toolkit_for_cldc:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_wireless_toolkit_for_cldc:1.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    sun java wireless toolkit for cldc 1.0
    sun java wireless toolkit for cldc 2.2
    sun java wireless toolkit for cldc 2.5
    sun java wireless toolkit for cldc 2.5.1
    sun java wireless toolkit for cldc *
    sun java wireless toolkit for cldc 2.5.2
    sun java wireless toolkit for cldc 2.5.1
    sun java wireless toolkit for cldc 2.5
    sun java wireless toolkit for cldc 2.2
    sun java wireless toolkit for cldc 1.0