6.8

CVE-2007-0243

Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunJdk Updateupdate9 Version <= 1.5.0
SunJdk Version1.5.0 Updateupdate3
SunJdk Version1.5.0 Updateupdate4
SunJdk Version1.5.0 Updateupdate5
SunJdk Version1.5.0 Updateupdate7
SunJdk Version1.5.0 Updateupdate8
SunJre Updateupdate18 Version <= 1.3.1
SunJre Version1.3.1 Updateupdate16
SunJre Version1.4.2_1
SunJre Version1.4.2_2
SunJre Version1.4.2_3
SunJre Version1.4.2_4
SunJre Version1.4.2_5
SunJre Version1.4.2_6
SunJre Version1.4.2_7
SunJre Version1.4.2_8
SunJre Version1.4.2_9
SunJre Version1.4.2_10
SunJre Version1.4.2_11
SunJre Version1.4.2_12
SunJre Version1.5.0 Updateupdate3
SunJre Version1.5.0 Updateupdate4
SunJre Version1.5.0 Updateupdate5
SunJre Version1.5.0 Updateupdate6
SunJre Version1.5.0 Updateupdate7
SunJre Version1.5.0 Updateupdate8
SunJre Version1.5.0 Updateupdate9
SunSdk Version1.3.1_01
SunSdk Version1.3.1_01a
SunSdk Version1.3.1_16
SunSdk Version1.3.1_18
SunSdk Version1.4.2
SunSdk Version1.4.2_03
SunSdk Version1.4.2_08
SunSdk Version1.4.2_09
SunSdk Version1.4.2_10
SunSdk Version1.4.2_12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.99% 0.953
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://docs.info.apple.com/article.html?artnum=307177
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://secunia.com/advisories/28115
http://www.vupen.com/english/advisories/2007/4224
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579
http://secunia.com/advisories/24189
http://secunia.com/advisories/24468
http://secunia.com/advisories/25283
http://security.gentoo.org/glsa/glsa-200702-08.xml
http://www.us-cert.gov/cas/techalerts/TA07-022A.html
US Government Resource
http://www.vupen.com/english/advisories/2007/0936
http://www.vupen.com/english/advisories/2007/1814
http://secunia.com/advisories/26049
http://secunia.com/advisories/26119
http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html
http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html
http://www.novell.com/linux/security/advisories/2007_45_java.html
http://dev2dev.bea.com/pub/advisory/242
http://osvdb.org/32834
http://secunia.com/advisories/23757
http://secunia.com/advisories/24202
http://secunia.com/advisories/24993
http://secunia.com/advisories/26645
http://secunia.com/advisories/27203
http://securityreason.com/securityalert/2158
http://securitytracker.com/id?1017520
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1
Patch
http://www.gentoo.org/security/en/glsa/glsa-200702-07.xml
http://www.kb.cert.org/vuls/id/388289
US Government Resource
http://www.redhat.com/support/errata/RHSA-2007-0166.html
http://www.redhat.com/support/errata/RHSA-2007-0167.html
http://www.redhat.com/support/errata/RHSA-2007-0956.html
http://www.securityfocus.com/archive/1/457159/100/0/threaded
http://www.securityfocus.com/archive/1/457638/100/0/threaded
http://www.securityfocus.com/bid/22085
http://www.vupen.com/english/advisories/2007/0211
http://www.zerodayinitiative.com/advisories/ZDI-07-005.html
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31537
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11073