CVE-2010-0849

Published: 01/04/2010 Updated: 30/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.

Vulnerable Product

sun jre 1.6.0

sun jre

sun jdk 1.6.0

sun jdk

sun jdk 1.5.0

sun sdk 1.4.2_13

sun sdk 1.4.2_14

sun sdk 1.4.2_4

sun sdk 1.4.2_5

sun sdk 1.4.2_23

sun sdk 1.4.2_24

sun sdk 1.4.2_1

sun sdk 1.4.2_10

sun sdk 1.4.2_17

sun sdk 1.4.2_18

sun sdk 1.4.2_8

sun sdk 1.4.2_9

sun sdk 1.4.2_20

sun sdk 1.4.2

sun sdk 1.4.2_02

sun sdk 1.4.2_15

sun sdk 1.4.2_16

sun sdk 1.4.2_6

sun sdk 1.4.2_7

sun sdk

sun sdk 1.4.2_11

sun sdk 1.4.2_12

sun sdk 1.4.2_19

sun sdk 1.4.2_3

sun sdk 1.4.2_21

sun sdk 1.4.2_22

sun jre 1.5.0

sun jre 1.4.2_4

sun jre 1.4.2_5

sun jre 1.4.2_11

sun jre 1.4.2_12

sun jre 1.4.2_20

sun jre 1.4.2_21

sun jre 1.4.2

sun jre 1.4.2_1

sun jre 1.4.2_8

sun jre 1.4.2_9

sun jre 1.4.2_16

sun jre 1.4.2_17

sun jre 1.4.2_24

sun jre 1.4.2_6

sun jre 1.4.2_7

sun jre 1.4.2_13

sun jre 1.4.2_14

sun jre 1.4.2_15

sun jre 1.4.2_22

sun jre 1.4.2_23

sun jre 1.4.2_2

sun jre 1.4.2_3

sun jre 1.4.2_10

sun jre 1.4.2_18

sun jre 1.4.2_19

sun jdk 1.3.0_01

sun jdk 1.3.0_02

sun jdk 1.3.1_02

sun jdk 1.3.1_03

sun jdk 1.3.1_04

sun jdk 1.3.1_11

sun jdk 1.3.1_12

sun jdk 1.3.1_19

sun jdk 1.3.1_20

sun jdk 1.3.0_05

sun jdk 1.3.1

sun jdk 1.3.1_07

sun jdk 1.3.1_08

sun jdk 1.3.1_14

sun jdk 1.3.0_03

sun jdk 1.3.0_04

sun jdk 1.3.1_05

sun jdk 1.3.1_06

sun jdk 1.3.1_13

sun jdk 1.3.1_15

sun jdk 1.3.1_21

sun jdk 1.3.1_22

sun jdk 1.3.1_16

sun jdk 1.3.1_23

sun jdk 1.3.1_24

sun jdk 1.3.0

sun jdk 1.3.1_01

sun jdk 1.3.1_01a

sun jdk 1.3.1_09

sun jdk 1.3.1_10

sun jdk 1.3.1_17

sun jdk 1.3.1_18

sun jdk 1.3.1_25

sun jdk 1.3.1_26

sun jre 1.3.0

sun jre 1.3.1

sun jre 1.3.1_09

sun jre 1.3.1_10

sun jre 1.3.1_18

sun jre 1.3.1_19

sun jre 1.3.1_25

sun jre 1.3.1_26

sun jre 1.3.1_03

sun jre 1.3.1_04

sun jre 1.3.1_05

sun jre 1.3.1_06

sun jre 1.3.1_13

sun jre 1.3.1_14

sun jre 1.3.1_15

sun jre 1.3.1_21

sun jre 1.3.1_22

sun jre 1.3.1_11

sun jre 1.3.1_12

sun jre 1.3.1_2

sun jre 1.3.1_20

sun jre 1.3.1_07

sun jre 1.3.1_08

sun jre 1.3.1_16

sun jre 1.3.1_17

sun jre 1.3.1_23

sun jre 1.3.1_24

sun sdk 1.3.0_04

sun sdk 1.3.0_05

sun sdk 1.3.1_06

sun sdk 1.3.1_07

sun sdk 1.3.1_14

sun sdk 1.3.1_15

sun sdk 1.3.1_22

sun sdk 1.3.1_23

sun sdk 1.3.0

sun sdk 1.3.0_01

sun sdk 1.3.1_01a

sun sdk 1.3.1_02

sun sdk 1.3.1_03

sun sdk 1.3.1_10

sun sdk 1.3.1_11

sun sdk 1.3.1_18

sun sdk 1.3.1_19

sun sdk 1.3.1

sun sdk 1.3.1_01

sun sdk 1.3.1_08

sun sdk 1.3.1_09

sun sdk 1.3.1_16

sun sdk 1.3.1_17

sun sdk 1.3.1_24

sun sdk 1.3.1_25

sun sdk 1.3.1_26

sun sdk 1.3.0_02

sun sdk 1.3.0_03

sun sdk 1.3.1_04

sun sdk 1.3.1_05

sun sdk 1.3.1_12

sun sdk 1.3.1_13

sun sdk 1.3.1_20

sun sdk 1.3.1_21

Vendor Advisories

Synopsis Critical: java-160-sun security update Type/Severity Security Advisory: Critical Topic Updated java-160-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having ...
Synopsis Critical: java-150-sun security update Type/Severity Security Advisory: Critical Topic The java-150-sun packages as shipped in Red Hat Enterprise Linux 4 Extras and 5 Supplementary contain security flaws and should not be used. The Red Hat Security Response Team has rated this update as having cr ...
Synopsis Critical: java-142-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-142-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. The Red Ha ...
Synopsis Moderate: java-142-ibm-sap security update Type/Severity Security Advisory: Moderate Topic Updated java-142-ibm-sap packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5 for SAP. The Red Hat Security Response Team has rated this update as having moderate ...

References

NVD-CWE-noinfo

http://www.zerodayinitiative.com/advisories/ZDI-10-057/
http://www.securityfocus.com/bid/39073
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
http://www.redhat.com/support/errata/RHSA-2010-0337.html
http://www.redhat.com/support/errata/RHSA-2010-0338.html
http://secunia.com/advisories/39317
http://secunia.com/advisories/39659
http://www.redhat.com/support/errata/RHSA-2010-0383.html
http://www.vupen.com/english/advisories/2010/1191
http://support.apple.com/kb/HT4170
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
http://secunia.com/advisories/39819
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
http://support.apple.com/kb/HT4171
http://www.redhat.com/support/errata/RHSA-2010-0471.html
http://www.vupen.com/english/advisories/2010/1454
http://www.redhat.com/support/errata/RHSA-2010-0489.html
http://secunia.com/advisories/40211
http://www.vupen.com/english/advisories/2010/1523
http://www.vupen.com/english/advisories/2010/1793
http://secunia.com/advisories/40545
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://secunia.com/advisories/43308
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://marc.info/?l=bugtraq&m=127557596201693&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13795
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securityfocus.com/archive/1/510548/100/0/threaded
https://nvd.nist.gov
https://access.redhat.com/errata/RHSA-2010:0337