Vulnerability Name: CVE-2010-3552 (CCN-57958)
Assigned: 2010-04-20
Published: 2010-04-20
Updated: 2017-09-19
Summary: Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html 'May be vulnerable only through untrusted Java Web Start applications and Java applets.'
CVSS v3 Severity:
  10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity:
  10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
  8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
  8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
  6.2 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2010-3552
  Source: HP Type: UNKNOWN SSRT100333
  Source: SUSE Type: UNKNOWN SUSE-SR:2010:019
  Source: HP Type: UNKNOWN HPSBMU02799
  Source: CONFIRM Type: UNKNOWN http://support.avaya.com/css/P8/documents/100114315
  Source: CONFIRM Type: UNKNOWN http://support.avaya.com/css/P8/documents/100123193
  Source: CONFIRM Type: Patch, Vendor Advisory http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
  Source: REDHAT Type: UNKNOWN RHSA-2010:0770
  Source: XF Type: UNKNOWN html-browser-plugin-overflow(57958)
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11829
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:12004
  Source: SUSE Type: SUSE-SA:2011:006 IBM Java 6 security update
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration RedHat 1: Configuration RedHat 2: Denotes that component is vulnerable

Vulnerability Name: CVE-2010-3552 (CCN-62506)
Assigned: 2010-10-12
Published: 2010-10-12
Updated: 2010-10-12
Summary: Oracle Java SE and Java for Business is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the Internet Explorer Java Plug-in JP2IEXP.dll. By persuading a victim to visit a Web page containing a specially-crafted applet, a remote attacker could exploit this vulnerability using the docbase parameter to overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the affected application to crash.
CVSS v3 Severity:
  10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity:
  10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
  8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
  8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
  6.2 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2010-3552
  Source: CCN Type: RHSA-2010-0770 Critical: java-1.6.0-sun security update
  Source: CCN Type: SA41791 Sun Java JDK / JRE / SDK Multiple Vulnerabilities
  Source: CCN Type: IBM Security Protection Advisory Java Plug-in for Internet Explorer Remote Code Execution
  Source: CCN Type: Oracle Java SE and Java for Business Critical Patch Update Advisory - October 2010 Oracle Java SE and Java for Business Critical Patch Update Advisory - October 2010
  Source: CCN Type: BID-44023 Oracle Java SE and Java for Business CVE-2010-3552 Remote New Java Plug-in Vulnerability
  Source: XF Type: UNKNOWN ojsejb-newjava-jp2Iiexp-bo(62506)
  Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [10-13-2010]
  Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [01-08-2011]
  Source: SUSE Type: SUSE-SR:2010:019 SUSE Security Summary Report
  Source: CCN Type: ZDI-10-206 Oracle Java IE Browser Plugin docbase Parameter Remote Code Execution Vulnerability
Vulnerable Configuration: Configuration RedHat 1: Denotes that component is vulnerable