7.5

CVE-2010-0843

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the March 2010 CPU.  Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunJdk Version1.5.0 Updateupdate23
SunJdk Version1.6.0 Updateupdate_18
SunJre Version1.3.1_27
SunJre Version1.4.2_25
SunJre Version1.5.0 Updateupdate23
SunJre Version1.6.0 Updateupdate_18
SunSdk Version1.3.1_27
SunSdk Version1.4.2_25
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.19% 0.926
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
http://secunia.com/advisories/40545
Vendor Advisory
http://www.vupen.com/english/advisories/2010/1793
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
http://secunia.com/advisories/39819
Vendor Advisory
http://support.apple.com/kb/HT4171
http://www.vupen.com/english/advisories/2010/1191
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
http://secunia.com/advisories/39317
Vendor Advisory
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
http://marc.info/?l=bugtraq&m=127557596201693&w=2
http://secunia.com/advisories/43308
Vendor Advisory
http://support.apple.com/kb/HT4170
http://www.redhat.com/support/errata/RHSA-2010-0337.html
http://www.redhat.com/support/errata/RHSA-2010-0338.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html
http://secunia.com/advisories/39659
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0383.html
http://www.redhat.com/support/errata/RHSA-2010-0471.html
http://www.vupen.com/english/advisories/2010/1454
Vendor Advisory
http://secunia.com/advisories/40211
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0489.html
http://www.vupen.com/english/advisories/2010/1523
Vendor Advisory
http://osvdb.org/63492
http://seclists.org/bugtraq/2010/Apr/41
http://www.securityfocus.com/bid/39083
http://www.zerodayinitiative.com/advisories/ZDI-10-052/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14092