Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-0243


Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.


Published

2007-01-17T22:28:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-119

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application sun jdk ≤ 1.5.0 Yes
Application sun jdk 1.5.0 Yes
Application sun jdk 1.5.0 Yes
Application sun jdk 1.5.0 Yes
Application sun jdk 1.5.0 Yes
Application sun jdk 1.5.0 Yes
Application sun jre ≤ 1.3.1 Yes
Application sun jre 1.3.1 Yes
Application sun jre 1.4.2_1 Yes
Application sun jre 1.4.2_2 Yes
Application sun jre 1.4.2_3 Yes
Application sun jre 1.4.2_4 Yes
Application sun jre 1.4.2_5 Yes
Application sun jre 1.4.2_6 Yes
Application sun jre 1.4.2_7 Yes
Application sun jre 1.4.2_8 Yes
Application sun jre 1.4.2_9 Yes
Application sun jre 1.4.2_10 Yes
Application sun jre 1.4.2_11 Yes
Application sun jre 1.4.2_12 Yes
Application sun jre 1.5.0 Yes
Application sun jre 1.5.0 Yes
Application sun jre 1.5.0 Yes
Application sun jre 1.5.0 Yes
Application sun jre 1.5.0 Yes
Application sun jre 1.5.0 Yes
Application sun jre 1.5.0 Yes
Application sun sdk 1.3.1_01 Yes
Application sun sdk 1.3.1_01a Yes
Application sun sdk 1.3.1_16 Yes
Application sun sdk 1.3.1_18 Yes
Application sun sdk 1.4.2 Yes
Application sun sdk 1.4.2_03 Yes
Application sun sdk 1.4.2_08 Yes
Application sun sdk 1.4.2_09 Yes
Application sun sdk 1.4.2_10 Yes
Application sun sdk 1.4.2_12 Yes

References