CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
76.0%
Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of
service (Internet Explorer crash) via an object tag with an encoded applet
and an undefined name attribute, which triggers a NULL pointer dereference
in jpiexp32.dll when the applet is decoded and passed to the JVM.
Author | Note |
---|---|
jdstrand | browser bug and almost definitely Windows specific |
mdeslaur | advisory says java6 is not affected |