The OVAL Repository 5.9 2012-01-27T05:11:11.975-05:00 Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 5 The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186, aka "the first issue." Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka "the second issue." Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors." Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities." Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues." Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux 4 Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4. Aharon Chernin DRAFT INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue." Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly. Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." Aharon Chernin DRAFT INTERIM ACCEPTED ACCEPTED