7.5

CVE-2010-0843

EPSS 10.01%
Published 01.04.2010 16:30:00
Last modified 11.04.2025 00:51:21
Source secalert_us@oracle.com
Teams watchlist Login
Open Login

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the March 2010 CPU.  Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.

Affected products Warnungen 0 Metrics 2 CWE 0 References 37

Data is provided by the National Vulnerability Database (NVD)

Sun ≫ Jdk Version1.5.0 Updateupdate23

Sun ≫ Jdk Version1.6.0 Updateupdate_18

Sun ≫ Jre Version1.3.1_27

Sun ≫ Jre Version1.4.2_25

Sun ≫ Jre Version1.5.0 Updateupdate23

Sun ≫ Jre Version1.6.0 Updateupdate_18

Sun ≫ Sdk Version1.3.1_27

Sun ≫ Sdk Version1.4.2_25

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	10.01%	0.927

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.securityfocus.com/archive/1/516397/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751

http://secunia.com/advisories/40545

Vendor Advisory

http://www.vupen.com/english/advisories/2010/1793

Vendor Advisory

http://lists.apple.com/archives/security-announce/2010//May/msg00001.html

http://secunia.com/advisories/39819

Vendor Advisory

http://support.apple.com/kb/HT4171

http://www.vupen.com/english/advisories/2010/1191

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

http://secunia.com/advisories/39317

Vendor Advisory

http://marc.info/?l=bugtraq&m=134254866602253&w=2

http://lists.apple.com/archives/security-announce/2010//May/msg00002.html

http://marc.info/?l=bugtraq&m=127557596201693&w=2

http://secunia.com/advisories/43308

Vendor Advisory

http://support.apple.com/kb/HT4170

http://www.redhat.com/support/errata/RHSA-2010-0337.html

http://www.redhat.com/support/errata/RHSA-2010-0338.html

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html

http://secunia.com/advisories/39659

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2010-0383.html

http://www.redhat.com/support/errata/RHSA-2010-0471.html

http://www.vupen.com/english/advisories/2010/1454

Vendor Advisory

http://secunia.com/advisories/40211

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2010-0489.html

http://www.vupen.com/english/advisories/2010/1523

Vendor Advisory

http://osvdb.org/63492

http://seclists.org/bugtraq/2010/Apr/41

http://www.securityfocus.com/bid/39083

http://www.zerodayinitiative.com/advisories/ZDI-10-052/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14092

https://nvd.nist.gov/vuln/detail/CVE-2010-0843

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-0843

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-0843

EUVD