Lucene search

K
nvd[email protected]NVD:CVE-2010-0843
HistoryApr 01, 2010 - 4:30 p.m.

CVE-2010-0843

2010-04-0116:30:00
web.nvd.nist.gov
8

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

High

EPSS

0.193

Percentile

96.4%

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.

Affected configurations

Nvd
Node
sunjdkMatch1.5.0update23
OR
sunjdkMatch1.6.0update_18
OR
sunjreMatch1.3.1_27
OR
sunjreMatch1.4.2_25
OR
sunjreMatch1.5.0update23
OR
sunjreMatch1.6.0update_18
OR
sunsdkMatch1.3.1_27
OR
sunsdkMatch1.4.2_25
VendorProductVersionCPE
sunjdk1.5.0cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*
sunjdk1.6.0cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
sunjre1.3.1_27cpe:2.3:a:sun:jre:1.3.1_27:*:*:*:*:*:*:*
sunjre1.4.2_25cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*
sunjre1.5.0cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
sunjre1.6.0cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
sunsdk1.3.1_27cpe:2.3:a:sun:sdk:1.3.1_27:*:*:*:*:*:*:*
sunsdk1.4.2_25cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*

References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

High

EPSS

0.193

Percentile

96.4%