Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities

Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities

Note that some issues may not require exploit code and may be trivial to exploit.

A working commercial exploit for CVE-2008-5358 is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product for CVE-2008-5353. This exploit is not otherwise publicly available or known to be circulating in the wild.

The following exploit for CVE-2008-5353 is available to members of the Immunity Partners program:

https://www.immunityinc.com/downloads/immpartners/java_deserialize01.tar.gz

A proof of concept for CVE-2008-5353 is available from the following location:

http://landonf.bikemonkey.org/static/moab-tests/CVE-2008-5353/hello.html

The following Metasploit exploit module is available for CVE-2008-5353:

/data/vulnerabilities/exploits/CVE-2008-5353-java-calendar-deserialize.rb