Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-5019: Improper Restriction of Operations within the Bounds of a Memory Buffer in JRE

Severity: 10.0 CRITICAL (NVD)
EPSS: 10.1% (top 6.89%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline
Published: Sep 20
Latest update: May 1

Description

Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalled.dnsResolve) method.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (2 packages)

NVD: sun/jre 1.6.0_0, 1.6.0_10 +1
NVD: sun/sdk 1.3.0

🔴 Vulnerability Details (2)

GHSA: GHSA-c5xr-m2wm-p2c8: Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1 (2022-05-01)
CVEList: CVE-2007-5019: Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1 (2007-09-20)

💥 Exploits & PoCs (1)

Exploit-DB: Sun jre1.6.0_X - isInstalled.dnsResolve Function Overflow (2007-09-19)