CVE-2007-0243 - Vulnerability Details

Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux Network Satellite Rhel Extras
Sun	Jdk Jre Sdk

Configuration 1 [-]

OR	cpe:2.3:a:sun:jdk::update9::::::*
	cpe:2.3:a:sun:jdk:1.5.0:update3::::::
	cpe:2.3:a:sun:jdk:1.5.0:update4::::::
	cpe:2.3:a:sun:jdk:1.5.0:update5::::::
	cpe:2.3:a:sun:jdk:1.5.0:update7::::::
	cpe:2.3:a:sun:jdk:1.5.0:update8::::::
	cpe:2.3:a:sun:jre::update18::::::*
	cpe:2.3:a:sun:jre:1.3.1:update16::::::
	cpe:2.3:a:sun:jre:1.4.2_1:::::::*
	cpe:2.3:a:sun:jre:1.4.2_2:::::::*
	cpe:2.3:a:sun:jre:1.4.2_3:::::::*
	cpe:2.3:a:sun:jre:1.4.2_4:::::::*
	cpe:2.3:a:sun:jre:1.4.2_5:::::::*
	cpe:2.3:a:sun:jre:1.4.2_6:::::::*
	cpe:2.3:a:sun:jre:1.4.2_7:::::::*
	cpe:2.3:a:sun:jre:1.4.2_8:::::::*
	cpe:2.3:a:sun:jre:1.4.2_9:::::::*
	cpe:2.3:a:sun:jre:1.4.2_10:::::::*
	cpe:2.3:a:sun:jre:1.4.2_11:::::::*
	cpe:2.3:a:sun:jre:1.4.2_12:::::::*
	cpe:2.3:a:sun:jre:1.5.0:update3::::::
	cpe:2.3:a:sun:jre:1.5.0:update4::::::
	cpe:2.3:a:sun:jre:1.5.0:update5::::::
	cpe:2.3:a:sun:jre:1.5.0:update6::::::
	cpe:2.3:a:sun:jre:1.5.0:update7::::::
	cpe:2.3:a:sun:jre:1.5.0:update8::::::
	cpe:2.3:a:sun:jre:1.5.0:update9::::::
	cpe:2.3:a:sun:sdk:1.3.1_01:::::::*
	cpe:2.3:a:sun:sdk:1.3.1_01a:::::::*
	cpe:2.3:a:sun:sdk:1.3.1_16:::::::*
	cpe:2.3:a:sun:sdk:1.3.1_18:::::::*
	cpe:2.3:a:sun:sdk:1.4.2:::::::*
	cpe:2.3:a:sun:sdk:1.4.2_03:::::::*
	cpe:2.3:a:sun:sdk:1.4.2_08:::::::*
	cpe:2.3:a:sun:sdk:1.4.2_09:::::::*
	cpe:2.3:a:sun:sdk:1.4.2_10:::::::*
	cpe:2.3:a:sun:sdk:1.4.2_12:::::::*

Package	CPE	Advisory	Released Date
Extras for RHEL 3
java-1.4.2-ibm-0:1.4.2.8-1jpp.1.el3	cpe:/a:redhat:rhel_extras:3	RHSA-2007:0166	2007-04-25T00:00:00Z
Extras for RHEL 4
java-1.4.2-ibm-0:1.4.2.8-1jpp.1.el4	cpe:/a:redhat:rhel_extras:4	RHSA-2007:0166	2007-04-25T00:00:00Z
java-1.5.0-ibm-1:1.5.0.4-1jpp.3.el4	cpe:/a:redhat:rhel_extras:4	RHSA-2007:0167	2007-04-25T00:00:00Z
Red Hat Enterprise Linux 2.1
IBMJava2-JRE-1:1.3.1-12	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2007:0072	2007-01-24T00:00:00Z
IBMJava2-SDK-1:1.3.1-11	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2007:0072	2007-01-24T00:00:00Z
Red Hat Network Satellite Server v 4.2
jabberd-0:2.0s10-3.38.rhn	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
jfreechart-0:0.9.20-3.rhn	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
openmotif21-0:2.1.30-11.RHEL4.6	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
perl-Crypt-CBC-0:2.24-1.el4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modjk-0:1.2.23-2rhn.rhel4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modperl-0:1.29-16.rhel4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modssl-0:2.8.12-8.rhn.10.rhel4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
tomcat5-0:5.0.30-0jpp_10rh	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
Red Hat Network Satellite Server v 4.2 (RHEL3)
jabberd-0:2.0s10-3.37.rhn	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
jfreechart-0:0.9.20-3.rhn	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
openmotif21-0:2.1.30-9.RHEL3.8	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
perl-Crypt-CBC-0:2.24-1.el3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modjk-0:1.2.23-2rhn.rhel3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modperl-0:1.29-16.rhel3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modssl-0:2.8.12-8.rhn.10.rhel3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
tomcat5-0:5.0.30-0jpp_10rh	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
Red Hat Network Satellite Server v 5.0
jabberd-0:2.0s10-3.38.rhn	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
jfreechart-0:0.9.20-3.rhn	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
openmotif21-0:2.1.30-11.RHEL4.6	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
perl-Crypt-CBC-0:2.24-1.el4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
rhn-modjk-0:1.2.23-2rhn.rhel4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
rhn-modperl-0:1.29-16.rhel4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
rhn-modssl-0:2.8.12-8.rhn.10.rhel4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
tomcat5-0:5.0.30-0jpp_10rh	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
java-1.4.2-ibm-0:1.4.2.8-1jpp.1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2007:0166	2007-04-25T00:00:00Z
java-1.5.0-ibm-1:1.5.0.4-1jpp.3.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2007:0167	2007-04-25T00:00:00Z
java-1.5.0-bea-0:1.5.0.11-1jpp.1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2007:0956	2007-10-16T00:00:00Z

References

Link	Providers
http://dev2dev.bea.com/pub/advisory/242
http://docs.info.apple.com/article.html?artnum=307177
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://osvdb.org/32834
http://secunia.com/advisories/23757
http://secunia.com/advisories/24189
http://secunia.com/advisories/24202
http://secunia.com/advisories/24468
http://secunia.com/advisories/24993
http://secunia.com/advisories/25283
http://secunia.com/advisories/26049
http://secunia.com/advisories/26119
http://secunia.com/advisories/26645
http://secunia.com/advisories/27203
http://secunia.com/advisories/28115
http://security.gentoo.org/glsa/glsa-200702-08.xml
http://securityreason.com/securityalert/2158
http://securitytracker.com/id?1017520
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1
http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html
http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html
http://www.gentoo.org/security/en/glsa/glsa-200702-07.xml
http://www.kb.cert.org/vuls/id/388289
http://www.novell.com/linux/security/advisories/2007_45_java.html
http://www.redhat.com/support/errata/RHSA-2007-0166.html
http://www.redhat.com/support/errata/RHSA-2007-0167.html
http://www.redhat.com/support/errata/RHSA-2007-0956.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/archive/1/457159/100/0/threaded
http://www.securityfocus.com/archive/1/457638/100/0/threaded
http://www.securityfocus.com/bid/22085
http://www.us-cert.gov/cas/techalerts/TA07-022A.html
http://www.vupen.com/english/advisories/2007/0211
http://www.vupen.com/english/advisories/2007/0936
http://www.vupen.com/english/advisories/2007/1814
http://www.vupen.com/english/advisories/2007/4224
http://www.zerodayinitiative.com/advisories/ZDI-07-005.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/31537
https://nvd.nist.gov/vuln/detail/CVE-2007-0243
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11073
https://www.cve.org/CVERecord?id=CVE-2007-0243

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-17T22:00:00

Updated: 2024-08-07T12:12:17.956Z

Reserved: 2007-01-16T00:00:00

Link: CVE-2007-0243

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-01-17T22:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0243

Redhat

Severity : Important

Publid Date: 2007-01-17T00:00:00Z

Links: CVE-2007-0243 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-16T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070117 ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/457159/100/0/threaded"}, {"name": "102760", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1"}, {"tags": ["x_refsource_MISC"], "url": "http://docs.info.apple.com/article.html?artnum=307177"}, {"name": "24468", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24468"}, {"name": "RHSA-2007:0166", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0166.html"}, {"name": "VU#388289", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/388289"}, {"name": "HPSBUX02196", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579"}, {"name": "26049", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26049"}, {"name": "ADV-2007-1814", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1814"}, {"name": "24202", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24202"}, {"name": "20070121 Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/457638/100/0/threaded"}, {"name": "25283", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25283"}, {"name": "32834", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32834"}, {"name": "24189", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24189"}, {"name": "SSRT071318", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579"}, {"name": "SUSE-SA:2007:045", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html"}, {"name": "APPLE-SA-2007-12-14", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"}, {"name": "2158", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2158"}, {"name": "1017520", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017520"}, {"name": "RHSA-2007:0956", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html"}, {"name": "oval:org.mitre.oval:def:11073", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11073"}, {"name": "26645", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26645"}, {"name": "RHSA-2007:0167", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0167.html"}, {"name": "26119", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26119"}, {"name": "23757", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23757"}, {"name": "22085", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22085"}, {"name": "ADV-2007-4224", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/4224"}, {"name": "24993", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24993"}, {"name": "28115", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28115"}, {"name": "RHSA-2008:0261", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-005.html"}, {"name": "ADV-2007-0211", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0211"}, {"name": "27203", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27203"}, {"name": "jre-gif-bo(31537)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31537"}, {"name": "ADV-2007-0936", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0936"}, {"name": "GLSA-200702-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200702-08.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html"}, {"name": "GLSA-200702-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200702-07.xml"}, {"name": "TA07-022A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-022A.html"}, {"name": "BEA07-172.00", "tags": ["vendor-advisory", "x_refsource_BEA"], "url": "http://dev2dev.bea.com/pub/advisory/242"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0243", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070117 ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/457159/100/0/threaded"}, {"name": "102760", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1"}, {"name": "http://docs.info.apple.com/article.html?artnum=307177", "refsource": "MISC", "url": "http://docs.info.apple.com/article.html?artnum=307177"}, {"name": "24468", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24468"}, {"name": "RHSA-2007:0166", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0166.html"}, {"name": "VU#388289", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/388289"}, {"name": "HPSBUX02196", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579"}, {"name": "26049", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26049"}, {"name": "ADV-2007-1814", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1814"}, {"name": "24202", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24202"}, {"name": "20070121 Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/457638/100/0/threaded"}, {"name": "25283", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25283"}, {"name": "32834", "refsource": "OSVDB", "url": "http://osvdb.org/32834"}, {"name": "24189", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24189"}, {"name": "SSRT071318", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579"}, {"name": "SUSE-SA:2007:045", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html"}, {"name": "APPLE-SA-2007-12-14", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"}, {"name": "2158", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2158"}, {"name": "1017520", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017520"}, {"name": "RHSA-2007:0956", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"}, {"name": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html", "refsource": "CONFIRM", "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html"}, {"name": "oval:org.mitre.oval:def:11073", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11073"}, {"name": "26645", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26645"}, {"name": "RHSA-2007:0167", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0167.html"}, {"name": "26119", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26119"}, {"name": "23757", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23757"}, {"name": "22085", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22085"}, {"name": "ADV-2007-4224", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4224"}, {"name": "24993", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24993"}, {"name": "28115", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28115"}, {"name": "RHSA-2008:0261", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-005.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-005.html"}, {"name": "ADV-2007-0211", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0211"}, {"name": "27203", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27203"}, {"name": "jre-gif-bo(31537)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31537"}, {"name": "ADV-2007-0936", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0936"}, {"name": "GLSA-200702-08", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200702-08.xml"}, {"name": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html", "refsource": "CONFIRM", "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html"}, {"name": "GLSA-200702-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200702-07.xml"}, {"name": "TA07-022A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-022A.html"}, {"name": "BEA07-172.00", "refsource": "BEA", "url": "http://dev2dev.bea.com/pub/advisory/242"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:12:17.956Z"}, "title": "CVE Program Container", "references": [{"name": "20070117 ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/457159/100/0/threaded"}, {"name": "102760", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=307177"}, {"name": "24468", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24468"}, {"name": "RHSA-2007:0166", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0166.html"}, {"name": "VU#388289", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/388289"}, {"name": "HPSBUX02196", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579"}, {"name": "26049", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26049"}, {"name": "ADV-2007-1814", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1814"}, {"name": "24202", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24202"}, {"name": "20070121 Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/457638/100/0/threaded"}, {"name": "25283", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25283"}, {"name": "32834", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32834"}, {"name": "24189", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24189"}, {"name": "SSRT071318", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579"}, {"name": "SUSE-SA:2007:045", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html"}, {"name": "APPLE-SA-2007-12-14", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"}, {"name": "2158", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2158"}, {"name": "1017520", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017520"}, {"name": "RHSA-2007:0956", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html"}, {"name": "oval:org.mitre.oval:def:11073", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11073"}, {"name": "26645", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26645"}, {"name": "RHSA-2007:0167", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0167.html"}, {"name": "26119", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26119"}, {"name": "23757", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23757"}, {"name": "22085", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22085"}, {"name": "ADV-2007-4224", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/4224"}, {"name": "24993", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24993"}, {"name": "28115", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28115"}, {"name": "RHSA-2008:0261", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-005.html"}, {"name": "ADV-2007-0211", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0211"}, {"name": "27203", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27203"}, {"name": "jre-gif-bo(31537)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31537"}, {"name": "ADV-2007-0936", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0936"}, {"name": "GLSA-200702-08", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200702-08.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html"}, {"name": "GLSA-200702-07", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200702-07.xml"}, {"name": "TA07-022A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-022A.html"}, {"name": "BEA07-172.00", "tags": ["vendor-advisory", "x_refsource_BEA", "x_transferred"], "url": "http://dev2dev.bea.com/pub/advisory/242"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0243", "datePublished": "2007-01-17T22:00:00", "dateReserved": "2007-01-16T00:00:00", "dateUpdated": "2024-08-07T12:12:17.956Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:jdk:*:update9:*:*:*:*:*:*", "matchCriteriaId": "0CF0BED7-BF52-47DF-9199-D832FDFEC87D", "versionEndIncluding": "1.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "matchCriteriaId": "5F8E9AA0-8907-4B1A-86A1-08568195217D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "matchCriteriaId": "A337AD31-4566-4A4E-AFF3-7EAECD5C90F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "matchCriteriaId": "0754AFDC-2F1C-4C06-AB46-457B5E610029", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "matchCriteriaId": "DC0ABF7A-107B-4B97-9BD7-7B0CEDAAF359", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "matchCriteriaId": "A5DA4242-30D9-44C8-9D0D-877348FFA22B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:*:update18:*:*:*:*:*:*", "matchCriteriaId": "51CD83E6-709C-4967-9DE5-94C0669A849C", "versionEndIncluding": "1.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.3.1:update16:*:*:*:*:*:*", "matchCriteriaId": "FD3AC618-7B66-4167-ABE5-87BE6907FB5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "matchCriteriaId": "1EEAB662-644A-4D7B-8237-64142CF48724", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "matchCriteriaId": "D9598A49-95F2-42DB-B92C-CD026F739B83", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "matchCriteriaId": "BED1009E-AE60-43A0-A0F5-38526EFCF423", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "matchCriteriaId": "D011585C-0E62-4233-85FA-F29A07D68DA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "matchCriteriaId": "F226D898-F0E8-41D8-BF40-54DE9FB5426D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "matchCriteriaId": "4CB9CCD1-A67D-4800-9EC5-6E1A0B0B76E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "matchCriteriaId": "CE28C283-447A-4F83-B96B-69F96E663C1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "matchCriteriaId": "D102063B-2434-4141-98E7-2DE501AE1728", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "matchCriteriaId": "03B8CD03-CD31-4F4D-BA90-59435578A4F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "matchCriteriaId": "41A994BF-1F64-480A-8AA5-748DDD0AB68C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "matchCriteriaId": "88519F2D-AD06-4F05-BEDA-A09216F1B481", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "matchCriteriaId": "AC728978-368D-4B36-B149-70473E92BD1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "matchCriteriaId": "44051CFE-D15D-4416-A123-F3E49C67A9E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "matchCriteriaId": "F296ACF3-1373-429D-B991-8B5BA704A7EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "matchCriteriaId": "B863420B-DE16-416A-9640-1A1340A9B855", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "matchCriteriaId": "724C972F-74FE-4044-BBC4-7E0E61FC9002", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "matchCriteriaId": "46F41C15-0EF4-4115-BFAA-EEAD56FAEEDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "matchCriteriaId": "EBE909DE-E55A-4BD3-A5BF-ADE407432193", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "matchCriteriaId": "5DAC04D2-68FD-4793-A8E7-4690A543D7D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", "matchCriteriaId": "34710306-D6CF-4D07-84BF-71A8839BE416", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", "matchCriteriaId": "44B93DC8-6375-4B41-B9BC-F22F592C56B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "matchCriteriaId": "A053DEF6-1317-4DA8-91D7-E1970DA62351", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "matchCriteriaId": "EB0605FF-3DDC-4F3A-8171-F3A447E9C292", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "002CA86D-3090-4C7A-947A-21CB5D1ADD98", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*", "matchCriteriaId": "37A3D49A-BE20-47BF-A85F-122357BAB098", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*", "matchCriteriaId": "DD02EBDF-6E51-4538-9EDD-B1DE914D09C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*", "matchCriteriaId": "53C3C0E3-5F40-412B-A4AD-A7A291DE2A08", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "matchCriteriaId": "36888382-79C8-4C97-A654-C668CD68556F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "matchCriteriaId": "A74DD08D-CEDB-460E-BED5-78F6CAF18BF5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en el Sun JDK y el Java Runtime Environment (JRE) 5.0 Actualizada a la 9 y anteriores, SDK y JRE 1.4.2_12 y anteriores y SDK y JRE 1.3.1_18 y anteriores permite a los applets obtener privilegios mediante una imagen GIF con un bloque con un campo de longitud 0, el cual dispara una corrupci\u00f3n de memoria."}], "id": "CVE-2007-0243", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-01-17T22:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://dev2dev.bea.com/pub/advisory/242"}, {"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=307177"}, {"source": "cve@mitre.org", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579"}, {"source": "cve@mitre.org", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32834"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23757"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24189"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24202"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24468"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24993"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25283"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26049"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26119"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26645"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27203"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28115"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200702-08.xml"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2158"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017520"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200702-07.xml"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/388289"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0166.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0167.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/457159/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/457638/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22085"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-022A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0211"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0936"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1814"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/4224"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-005.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31537"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11073"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dev2dev.bea.com/pub/advisory/242"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=307177"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32834"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23757"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24189"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24202"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24468"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24993"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26049"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26119"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26645"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27203"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28115"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200702-08.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2158"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017520"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200702-07.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/388289"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0166.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0167.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/457159/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/457638/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22085"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-022A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0211"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0936"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1814"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/4224"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31537"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11073"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2007:0166", "cpe": "cpe:/a:redhat:rhel_extras:3", "package": "java-1.4.2-ibm-0:1.4.2.8-1jpp.1.el3", "product_name": "Extras for RHEL 3", "release_date": "2007-04-25T00:00:00Z"}, {"advisory": "RHSA-2007:0166", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "java-1.4.2-ibm-0:1.4.2.8-1jpp.1.el4", "product_name": "Extras for RHEL 4", "release_date": "2007-04-25T00:00:00Z"}, {"advisory": "RHSA-2007:0167", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "java-1.5.0-ibm-1:1.5.0.4-1jpp.3.el4", "product_name": "Extras for RHEL 4", "release_date": "2007-04-25T00:00:00Z"}, {"advisory": "RHSA-2007:0072", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "IBMJava2-JRE-1:1.3.1-12", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2007-01-24T00:00:00Z"}, {"advisory": "RHSA-2007:0072", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "IBMJava2-SDK-1:1.3.1-11", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2007-01-24T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "jabberd-0:2.0s10-3.38.rhn", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "jfreechart-0:0.9.20-3.rhn", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "openmotif21-0:2.1.30-11.RHEL4.6", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "perl-Crypt-CBC-0:2.24-1.el4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-apache-0:1.3.27-36.rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-modjk-0:1.2.23-2rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-modperl-0:1.29-16.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "tomcat5-0:5.0.30-0jpp_10rh", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "jabberd-0:2.0s10-3.37.rhn", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "jfreechart-0:0.9.20-3.rhn", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "openmotif21-0:2.1.30-9.RHEL3.8", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "perl-Crypt-CBC-0:2.24-1.el3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-apache-0:1.3.27-36.rhn.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-modjk-0:1.2.23-2rhn.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-modperl-0:1.29-16.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-modssl-0:2.8.12-8.rhn.10.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "tomcat5-0:5.0.30-0jpp_10rh", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "jabberd-0:2.0s10-3.38.rhn", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "jfreechart-0:0.9.20-3.rhn", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "openmotif21-0:2.1.30-11.RHEL4.6", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "perl-Crypt-CBC-0:2.24-1.el4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-apache-0:1.3.27-36.rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-modjk-0:1.2.23-2rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-modperl-0:1.29-16.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "tomcat5-0:5.0.30-0jpp_10rh", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2007:0166", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.4.2-ibm-0:1.4.2.8-1jpp.1.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2007-04-25T00:00:00Z"}, {"advisory": "RHSA-2007:0167", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.5.0-ibm-1:1.5.0.4-1jpp.3.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2007-04-25T00:00:00Z"}, {"advisory": "RHSA-2007:0956", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.5.0-bea-0:1.5.0.11-1jpp.1.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2007-10-16T00:00:00Z"}], "bugzilla": {"description": "java-jre: GIF buffer overflow", "id": "325941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=325941"}, "csaw": false, "details": ["Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption."], "name": "CVE-2007-0243", "public_date": "2007-01-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-0243\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-0243"], "threat_severity": "Important"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object