CVE-2016-0603

2016-02-0816:59:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2016-0603

java se

oracle

windows

remote attackers

confidentiality

integrity

availability

security issue

7.9 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.227 Low

EPSS

Percentile

96.5%

JSON

Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. NOTE: the previous information is from Oracle’s Security Alert for CVE-2016-0603. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the “application directory.”

CPENameOperatorVersion
oracle:jreoracle jreeq1.6.0
oracle:jreoracle jreeq1.7.0
oracle:jreoracle jreeq1.8.0
oracle:jdkoracle jdkeq1.6.0
oracle:jdkoracle jdkeq1.7.0
oracle:jdkoracle jdkeq1.8.0

CPE	Name	Operator	Version
oracle:jre	oracle jre	eq	1.6.0
oracle:jre	oracle jre	eq	1.7.0
oracle:jre	oracle jre	eq	1.8.0
oracle:jdk	oracle jdk	eq	1.6.0
oracle:jdk	oracle jdk	eq	1.7.0
oracle:jdk	oracle jdk	eq	1.8.0