CVE-2010-3559

Published: 19/10/2010 Updated: 30/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows malicious users to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun jre 1.6.0
sun jre
sun jdk 1.6.0
sun jdk
sun jdk 1.5.0
sun sdk
sun sdk 1.4.2 19
sun sdk 1.4.2
sun sdk 1.4.2 26
sun sdk 1.4.2 10
sun sdk 1.4.2 12
sun sdk 1.4.2 17
sun sdk 1.4.2 14
sun sdk 1.4.2 21
sun sdk 1.4.2 13
sun sdk 1.4.2 6
sun sdk 1.4.2 23
sun sdk 1.4.2 5
sun sdk 1.4.2 1
sun sdk 1.4.2 18
sun sdk 1.4.2 4
sun sdk 1.4.2 22
sun sdk 1.4.2 7
sun sdk 1.4.2 8
sun sdk 1.4.2 25
sun sdk 1.4.2 02
sun sdk 1.4.2 16
sun sdk 1.4.2 11
sun sdk 1.4.2 9
sun sdk 1.4.2 20
sun sdk 1.4.2 3
sun sdk 1.4.2 24
sun sdk 1.4.2 15
sun jre 1.5.0
sun jre 1.4.2 26
sun jre 1.4.2 7
sun jre 1.4.2 16
sun jre 1.4.2 24
sun jre 1.4.2 4
sun jre 1.4.2 2
sun jre 1.4.2 19
sun jre 1.4.2 25
sun jre 1.4.2 15
sun jre 1.4.2 13
sun jre 1.4.2 1
sun jre 1.4.2 8
sun jre 1.4.2 12
sun jre 1.4.2 18
sun jre 1.4.2 22
sun jre 1.4.2 14
sun jre 1.4.2 10
sun jre 1.4.2 17
sun jre 1.4.2 9
sun jre 1.4.2
sun jre 1.4.2 21
sun jre 1.4.2 11
sun jre 1.4.2 23
sun jre 1.4.2 3
sun jre 1.4.2 20
sun jre 1.4.2 5
sun jre 1.4.2 6
sun jdk 1.3.1 16
sun jdk 1.3.1 02
sun jdk 1.3.1 27
sun jdk 1.3.1 12
sun jdk 1.3.1 14
sun jdk 1.3.1 19
sun jdk 1.3.1 25
sun jdk 1.3.1 04
sun jdk 1.3.1 21
sun jdk 1.3.1 05
sun jdk 1.3.1 09
sun jdk 1.3.1 03
sun jdk 1.3.1 26
sun jdk 1.3.1 11
sun jdk 1.3.0 03
sun jdk 1.3.1 17
sun jdk 1.3.1 15
sun jdk 1.3.1 01a
sun jdk 1.3.1 07
sun jdk 1.3.1 13
sun jdk 1.3.0
sun jdk 1.3.1 08
sun jdk 1.3.0 01
sun jdk 1.3.0 04
sun jdk 1.3.1 20
sun jdk 1.3.1 24
sun jdk 1.3.1 18
sun jdk 1.3.0 02
sun jdk 1.3.1 10
sun jdk 1.3.1 06
sun jdk 1.3.1 23
sun jdk 1.3.1 22
sun jdk 1.3.1 01
sun jdk 1.3.0 05
sun jdk 1.3.1
sun jre 1.3.1
sun jre 1.3.1 10
sun jre 1.3.1 06
sun jre 1.3.0
sun jre 1.3.1 20
sun jre 1.3.1 22
sun jre 1.3.1 25
sun jre 1.3.1 2
sun jre 1.3.1 16
sun jre 1.3.1 19
sun jre 1.3.1 11
sun jre 1.3.1 17
sun jre 1.3.1 12
sun jre 1.3.1 03
sun jre 1.3.1 14
sun jre 1.3.1 24
sun jre 1.3.1 08
sun jre 1.3.1 07
sun jre 1.3.1 05
sun jre 1.3.1 13
sun jre 1.3.1 04
sun jre 1.3.1 09
sun jre 1.3.1 18
sun jre 1.3.1 27
sun jre 1.3.1 23
sun jre 1.3.1 15
sun jre 1.3.1 26
sun jre 1.3.1 21
sun sdk 1.3.1 03
sun sdk 1.3.1 23
sun sdk 1.3.1 19
sun sdk 1.3.1
sun sdk 1.3.1 08
sun sdk 1.3.1 25
sun sdk 1.3.1 15
sun sdk 1.3.1 07
sun sdk 1.3.1 10
sun sdk 1.3.1 06
sun sdk 1.3.1 12
sun sdk 1.3.0 01
sun sdk 1.3.1 20
sun sdk 1.3.1 17
sun sdk 1.3.1 02
sun sdk 1.3.1 18
sun sdk 1.3.1 01
sun sdk 1.3.1 16
sun sdk 1.3.1 01a
sun sdk 1.3.1 22
sun sdk 1.3.1 14
sun sdk 1.3.1 13
sun sdk 1.3.0 04
sun sdk 1.3.0
sun sdk 1.3.1 24
sun sdk 1.3.0 03
sun sdk 1.3.1 09
sun sdk 1.3.1 04
sun sdk 1.3.1 21
sun sdk 1.3.1 05
sun sdk 1.3.0 05
sun sdk 1.3.0 02
sun sdk 1.3.1 27
sun sdk 1.3.1 11
sun sdk 1.3.1 26

Synopsis Critical: java-160-sun security update Type/Severity Security Advisory: Critical Topic Updated java-160-sun packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThe Red Hat Security Response Team has rated this update as having cri ...

MIT Kerberos contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition The vulnerability is in the GSS-API acceptor component due to lack of pointer validation  An authenticated, remote attacker could exploit the vulnerability by making a crafted request to the affected componen ...

NVD-CWE-noinfo http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html http://support.avaya.com/css/P8/documents/100114315 http://www.redhat.com/support/errata/RHSA-2010-0770.html http://www.redhat.com/support/errata/RHSA-2010-0807.html http://secunia.com/advisories/41967 http://www.redhat.com/support/errata/RHSA-2010-0873.html http://www.securityfocus.com/bid/44026 http://www.zerodayinitiative.com/advisories/ZDI-10-208/http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://support.avaya.com/css/P8/documents/100123193 http://secunia.com/advisories/42974 http://www.vmware.com/security/advisories/VMSA-2011-0003.html http://marc.info/?l=bugtraq&m=134254866602253&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12556 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11880 http://www.securityfocus.com/archive/1/516397/100/0/threaded https://access.redhat.com/errata/RHSA-2010:0770 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20100519-CVE-2010-1321

Get Started

CVE-2010-3559

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect