CVE-2008-4910

Published: Nov 4, 2008Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method.

Affected (1)

Products: Sun: Java Web Start

Sun

1 product

Java Web Start

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sun Java Web Start	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://securityreason.com/securityalert/4542

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/497799/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/497972/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/31916

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/46119

Source: cve@mitre.org

http://securityreason.com/securityalert/4542