7.5
CVE-2010-0843
- EPSS 6.19%
- Veröffentlicht 01.04.2010 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:16:57
- Quelle secalert_us@oracle.com
- CVE-Watchlists
- Unerledigt
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.19% | 0.926 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
http://secunia.com/advisories/40545
http://www.vupen.com/english/advisories/2010/1793
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
http://secunia.com/advisories/39819
http://support.apple.com/kb/HT4171
http://www.vupen.com/english/advisories/2010/1191
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
http://secunia.com/advisories/39317
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
http://marc.info/?l=bugtraq&m=127557596201693&w=2
http://secunia.com/advisories/43308
http://support.apple.com/kb/HT4170
http://www.redhat.com/support/errata/RHSA-2010-0337.html
http://www.redhat.com/support/errata/RHSA-2010-0338.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html
http://secunia.com/advisories/39659
http://www.redhat.com/support/errata/RHSA-2010-0383.html
http://www.redhat.com/support/errata/RHSA-2010-0471.html
http://www.vupen.com/english/advisories/2010/1454
http://secunia.com/advisories/40211
http://www.redhat.com/support/errata/RHSA-2010-0489.html
http://www.vupen.com/english/advisories/2010/1523
http://osvdb.org/63492
http://seclists.org/bugtraq/2010/Apr/41
http://www.securityfocus.com/bid/39083
http://www.zerodayinitiative.com/advisories/ZDI-10-052/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14092