6.8

CVE-2007-3655

Exploit
Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunJre Version1.5.0 Updateupdate1
SunJre Version1.5.0 Updateupdate10
SunJre Version1.5.0 Updateupdate11
SunJre Version1.5.0 Updateupdate2
SunJre Version1.5.0 Updateupdate3
SunJre Version1.5.0 Updateupdate4
SunJre Version1.5.0 Updateupdate5
SunJre Version1.5.0 Updateupdate6
SunJre Version1.5.0 Updateupdate7
SunJre Version1.5.0 Updateupdate8
SunJre Version1.5.0 Updateupdate9
SunJre Version1.6.0 Updateupdate_1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.27% 0.957
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://docs.info.apple.com/article.html?artnum=307177
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://secunia.com/advisories/28115
Vendor Advisory
http://www.vupen.com/english/advisories/2007/4224
Vendor Advisory
http://secunia.com/advisories/26369
Vendor Advisory
http://secunia.com/advisories/29858
Vendor Advisory
http://secunia.com/advisories/30780
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200804-28.xml
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
http://www.redhat.com/support/errata/RHSA-2007-0829.html
http://secunia.com/advisories/27266
Vendor Advisory
http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html
http://secunia.com/advisories/26314
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0818.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064552.html
http://osvdb.org/37756
http://research.eeye.com/html/advisories/published/AD20070705.html
http://secunia.com/advisories/25981
Vendor Advisory
http://securityreason.com/securityalert/2874
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1
http://www.exploit-db.com/exploits/30284
http://www.securityfocus.com/archive/1/473224/100/0/threaded
http://www.securityfocus.com/archive/1/473356/100/0/threaded
http://www.securityfocus.com/bid/24832
Exploit
http://www.securitytracker.com/id?1018346
http://www.vupen.com/english/advisories/2007/2477
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/35320
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11367