Loading
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".
Use Sun vendor hub and Jdk product page to widen CVE-2008-5353 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2013-5824, CVE-2013-5850 and CVE-2013-5832 for nearby disclosures in the same product family.