CVE-2007-3655

Published Jul 10, 2007

Last updated 6 years ago

CVSS info 6.8

Overview

Description: Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7FC09E8-7F30-4FE4-912E-588AA250E2A3"
          },
          {
            "criteria": "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A586DE4E-8A46-41DE-9FDB-5FDB81DCC87B"
          },
          {
            "criteria": "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9919D091-73D7-465A-80FF-F37D6CAF9F46"
          },
          {
            "criteria": "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EA5B9E9-654D-44F7-AE98-3D8B382804AC"
          },
          {
            "criteria": "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44051CFE-D15D-4416-A123-F3E49C67A9E7"
          },
          {
            "criteria": "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F296ACF3-1373-429D-B991-8B5BA704A7EF"
          },
          {
            "criteria": "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B863420B-DE16-416A-9640-1A1340A9B855"
          },
          {
            "criteria": "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "724C972F-74FE-4044-BBC4-7E0E61FC9002"
          },
          {
            "criteria": "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46F41C15-0EF4-4115-BFAA-EEAD56FAEEDB"
          },
          {
            "criteria": "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBE909DE-E55A-4BD3-A5BF-ADE407432193"
          },
          {
            "criteria": "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DAC04D2-68FD-4793-A8E7-4690A543D7D4"
          },
          {
            "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09027C19-D442-446F-B7A8-21DB6787CF43"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References