CVE-2010-3559

2010-10-1922:00:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

oracle

java

vulnerability

sound component

remote attackers

confidentiality

integrity

availability

cve-2010-3559

buffer overflow

6.7 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.292 Low

EPSS

Percentile

96.9%

JSON

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.

CPENameOperatorVersion
sun:jresun jreeq1.6.0
sun:jdksun jdkeq1.6.0
sun:jdksun jdkeq1.5.0
sun:sdksun sdkle1.4.2_27
sun:sdksun sdkeq1.4.2_19
sun:sdksun sdkeq1.4.2
sun:sdksun sdkeq1.4.2_26
sun:sdksun sdkeq1.4.2_10
sun:sdksun sdkeq1.4.2_12
sun:sdksun sdkeq1.4.2_17

CPE	Name	Operator	Version
sun:jre	sun jre	eq	1.6.0
sun:jdk	sun jdk	eq	1.6.0
sun:jdk	sun jdk	eq	1.5.0
sun:sdk	sun sdk	le	1.4.2_27
sun:sdk	sun sdk	eq	1.4.2_19
sun:sdk	sun sdk	eq	1.4.2
sun:sdk	sun sdk	eq	1.4.2_26
sun:sdk	sun sdk	eq	1.4.2_10
sun:sdk	sun sdk	eq	1.4.2_12
sun:sdk	sun sdk	eq	1.4.2_17