CVE-2007-0012Improper Input Validation in JRE

CWE-20Improper Input Validation5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.7%
top 28.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SUN JRE
Timeline
PublishedJan 9
Latest updateMay 1

Description

Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDsun/jre1.5.0

🔴Vulnerability Details

2
GHSA
GHSA-5988-7686-p485: Sun JRE 52022-05-01
CVEList
CVE-2007-0012: Sun JRE 52008-01-09

📋Vendor Advisories

1
Red Hat
J2RE DoS with undefined name attribute2008-01-08

💬Community

1
Bugzilla
CVE-2007-0012 J2RE DoS with undefined name attribute2008-01-10
CVE-2007-0012 — Improper Input Validation in SUN JRE | cvebase