7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.037 Low
EPSS
Percentile
91.7%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Type1 fonts in t2k.dll. A file parsing vulnerability can occur by controlling a value placed after the “/Subrs” keyword in the eexec portion of the file which defines a size of an array. An attacker can leverage this to gain code execution under the context of the current user.