CVE Vulnerability

CVE-2007-0012

Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.securityfocus.com/bid/27185
http://securityreason.com/securityalert/3527
https://exchange.xforce.ibmcloud.com/vulnerabilities/39549
http://www.securityfocus.com/archive/1/485942/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:sun:jre:*:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update9:*:*:*:*:*:*
Information

Published : 2008-01-09 11:46

Updated : 2018-10-16 04:30

NVD link : CVE-2007-0012

Mitre link : CVE-2007-0012

Products Affected
No products.
CWE
CWE-20