← Back

CVE-2007-0012

nvd nist
Published: Jan 9, 2008Modified: Apr 23, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:N/A:P
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM.

Affected (7)

Products: Sun: Jre
Sun
1 product
Jre
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Sun
Jre
Up to 1.5.0
Jre
Up to 1.5.0
Jre
Up to 1.5.0
Jre
Up to 1.5.0
Jre
Up to 1.5.0
Jre
Up to 1.5.0
Jre
Up to 1.5.0

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.