CVE-2007-0012

2008-01-0923:46:00

CWE-20

[email protected]

web.nvd.nist.gov

sun

jre 5.0

update 14

null pointer dereference

denial of service

cve-2007-0012

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.5

Confidence

High

EPSS

0.005

Percentile

76.0%

JSON

Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM.

Affected configurations

NVD

Node

sunjreRange≤1.5.0update10

sunjreRange≤1.5.0update11

sunjreRange≤1.5.0update12

sunjreRange≤1.5.0update13

sunjreRange≤1.5.0update7

sunjreRange≤1.5.0update8

sunjreRange≤1.5.0update9

VendorProductVersionCPE
sunjrecpe:/a:sun:jre::update13::
sunjrecpe:/a:sun:jre::update9::
sunjrecpe:/a:sun:jre::update8::
sunjrecpe:/a:sun:jre::update10::
sunjrecpe:/a:sun:jre::update7::
sunjrecpe:/a:sun:jre::update12::
sunjrecpe:/a:sun:jre::update11::

Vendor	Product	CPE
sun	jre	cpe:/a:sun:jre::update13::
sun	jre	cpe:/a:sun:jre::update9::
sun	jre	cpe:/a:sun:jre::update8::
sun	jre	cpe:/a:sun:jre::update10::
sun	jre	cpe:/a:sun:jre::update7::
sun	jre	cpe:/a:sun:jre::update12::
sun	jre	cpe:/a:sun:jre::update11::