Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0842Improper Handling of Syntactically Invalid Structure in JDK

CWE-228Improper Handling of Syntactically Invalid StructureCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources
Severity
7.5HIGHNVD
EPSS
84.3%
top 0.68%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
SUN JDKSUN JRESUN SDK
Timeline
PublishedApr 1
Latest updateMay 2

Description

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted Mi

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

NVDsun/jdk1.6.0+38
NVDsun/jre1.6.0+57
NVDsun/sdk1.4.2_25+60

🔴Vulnerability Details

3
GHSA
GHSA-5mqp-g99f-6r5f: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 52022-05-02
CVEList
CVE-2010-0842: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 52010-04-01
VulnCheck
Oracle Java SE and Java for Business Sound Component Vulnerability2010

💥Exploits & PoCs

1
Exploit-DB
Java MixerSequencer Object - GM_Song Structure Handling (Metasploit)2012-02-16

📋Vendor Advisories

2
Red Hat
kernel: sctp: do not reset the packet during sctp_packet_config2010-09-15
Red Hat
JDK multiple unspecified vulnerabilities2010-03-30

💬Community

2
Bugzilla
CVE-2010-3698 kvm: invalid selector in fs/gs causes kernel panic2010-10-04
Bugzilla
CVE-2010-0839 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 JDK multiple unspecified vulnerabilities2010-03-31
CVE-2010-0842 — SUN JDK vulnerability | cvebase