Vulnerability Details : CVE-2016-0603
Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. NOTE: the previous information is from Oracle's Security Alert for CVE-2016-0603. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the "application directory."
Products affected by CVE-2016-0603
- cpe:2.3:a:oracle:jdk:1.8.0:update72:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update111:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update95:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update111:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update95:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update71:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update72:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-0603
- 17.39%: probability of exploitation activity in the next 30 days
- ~96%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-0603
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C | 4.9 | 10.0 | NIST | |
References for CVE-2016-0603
- https://security.gentoo.org/glsa/201610-08
  Oracle JRE/JDK: Multiple vulnerabilities (GLSA 201610-08) — Gentoo security
- https://security.netapp.com/advisory/ntap-20160217-0001/
  CVE-2016-0603 Java Platform Standard Edition Vulnerability in Multiple NetApp Products | NetApp Product Security
- http://www.securityfocus.com/bid/83008
  Oracle Java SE CVE-2016-0603 Remote Security Vulnerability
- http://www.securityfocus.com/archive/1/537462/100/0/threaded
  SecurityFocus
- http://seclists.org/fulldisclosure/2016/Feb/54
  Full Disclosure: [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
- http://www.securitytracker.com/id/1034969
  Oracle Java SE Windows Installation Bug Lets Remote Users Execute Arbitrary Code - SecurityTracker
- http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html
  Oracle Security Alert CVE-2016-0603 (Vendor Advisory)