Vulnerability Details : CVE-2010-0843
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.
Vulnerability category: Execute code
Products affected by CVE-2010-0843
- cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_27:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_27:*:*:*:*:*:*:*
Threat overview for CVE-2010-0843
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2010-0843: 719
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2010-0843
Probability of exploitation activity in the next 30 days: 15.61%
Percentile (the proportion of vulnerabilities that are scored at or less): ~96%
CVSS scores for CVE-2010-0843
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2010-0843
- http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html
  Oracle Java SE and Java for Business Critical Patch Update - March 2010
- http://www.vupen.com/english/advisories/2010/1793
  Webmail | OVH- OVH (Vendor Advisory)
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
- http://www.redhat.com/support/errata/RHSA-2010-0489.html
  Support
- http://www.redhat.com/support/errata/RHSA-2010-0338.html
  Support
- http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
  Oracle Critical Patch Update - October 2010
- http://www.redhat.com/support/errata/RHSA-2010-0471.html
  Support
- http://www.vupen.com/english/advisories/2010/1523
  Webmail | OVH- OVH (Vendor Advisory)
- http://www.vupen.com/english/advisories/2010/1191
  Webmail | OVH- OVH (Vendor Advisory)
- http://www.zerodayinitiative.com/advisories/ZDI-10-052/
  ZDI-10-052 | Zero Day Initiative
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2010:017
- http://seclists.org/bugtraq/2010/Apr/41
  Bugtraq: ZDI-10-052: Sun Java Runtime Environment XNewPtr Remote Code Execution Vulnerability
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html
  VMSA-2011-0003.2
- http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
  Apple - Lists.apple.com
- http://support.apple.com/kb/HT4171
  About the security content of Java for Mac OS X 10.6 Update 2 - Apple Support
- http://marc.info/?l=bugtraq&m=127557596201693&w=2
  '[security bulletin] HPSBUX02524 SSRT100089 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary' - MARC
- http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
  Apple - Lists.apple.com
- http://www.redhat.com/support/errata/RHSA-2010-0383.html
  Support
- http://support.apple.com/kb/HT4170
  About the security content of Java for Mac OS X 10.5 Update 7 - Apple Support
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14092
  Repository / Oval Repository
- http://www.securityfocus.com/bid/39083
  Oracle Java SE and Java for Business 'XNewPtr()' Remote Code Execution Vulnerability
- http://www.redhat.com/support/errata/RHSA-2010-0337.html
  Support
- http://www.vupen.com/english/advisories/2010/1454
  Webmail | OVH- OVH (Vendor Advisory)
- http://marc.info/?l=bugtraq&m=134254866602253&w=2
  '[security bulletin] HPSBMU02799 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.0x Running JD' - MARC
- http://www.securityfocus.com/archive/1/516397/100/0/threaded
  SecurityFocus
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2010:008
- http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
  VMware vCenter Server 4.1 Update 1 Release Notes