CVE-2010-0843

Oracle Java SE/JFB - Info Disclosure

Title source: llm
STIX 2.1

Description

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.

References (34)

Core 34
Core References
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=134254866602253&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39317
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0383.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40545
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-052/
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1454
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39819
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39083
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0338.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1793
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/63492
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43308
Various Sources vendor-advisory x_refsource_hp
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=127557596201693&w=2
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4170
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1523
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39659
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14092
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0471.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0337.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0489.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40211
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4171
Mailing List mailing-list x_refsource_bugtraq
http://seclists.org/bugtraq/2010/Apr/41
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516397/100/0/threaded
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1191

Scores

EPSS 0.1001
EPSS Percentile 93.2%

Details

Status published
Products (8)
sun/jdk 1.5.0 update23
sun/jdk 1.6.0 update_18
sun/jre 1.3.1_27
sun/jre 1.4.2_25
sun/jre 1.5.0 update23
sun/jre 1.6.0 update_18
sun/sdk 1.3.1_27
sun/sdk 1.4.2_25
Published Apr 01, 2010
Tracked Since Feb 18, 2026