Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4381 — JDK vulnerability

6 documents6 sources

Severity

9.3CRITICALNVD

EPSS

18.4%

top 4.75%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SUN JDK SUN JRE SUN SDK

Timeline

PublishedAug 17

Latest updateMay 1

Description

Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDsun/jdk1.5.0

▶NVDsun/jre1.4.2

▶NVDsun/sdk1.4.2_14

🔴Vulnerability Details

GHSA

GHSA-265x-54h3-3643: Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5↗2022-05-01

▶

CVEList

CVE-2007-4381: Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5↗2007-08-17

▶

💥Exploits & PoCs

Exploit-DB

Sun Java Runtime Environment 1.4.2 - Font Parsing Privilege Escalation↗2007-08-15

▶

📋Vendor Advisories

Red Hat

java: Vulnerability in the font parsing code↗2007-08-15

▶

💬Community

Bugzilla

CVE-2007-4381 java: Vulnerability in the font parsing code↗2007-08-20

▶