Executive Summary

Information
Name: CVE-2007-4381
First vendor Publication: 2007-08-17
Vendor: Cve
Last vendor Modification: 2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score: 9.3
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Security Protection

Impacts: Provides administrator access : Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4381

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10290
 
Oval ID: oval:org.mitre.oval:def:10290
Title: Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
Description: Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4381
Version: 3
Platform(s): Red Hat Enterprise Linux Extras 3
Red Hat Enterprise Linux Extras 4
Red Hat Enterprise Linux Extras 5
Product(s):
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:22641
 
Oval ID: oval:org.mitre.oval:def:22641
Title: ELSA-2007:0956: java-1.5.0-bea security update (Moderate)
Description: Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
Family: unix Class: patch
Reference(s): ELSA-2007:0956-01
CVE-2007-0243
CVE-2007-2788
CVE-2007-2789
CVE-2007-3503
CVE-2007-3698
CVE-2007-4381
Version: 29
Platform(s): Oracle Linux 5
Product(s): java-1.5.0-bea
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:21855
 
Oval ID: oval:org.mitre.oval:def:21855
Title: ELSA-2007:0829: java-1.5.0-ibm security update (Critical)
Description: Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
Family: unix Class: patch
Reference(s): ELSA-2007:0829-01
CVE-2007-2435
CVE-2007-2788
CVE-2007-2789
CVE-2007-3503
CVE-2007-3655
CVE-2007-3922
CVE-2007-4381
Version: 33
Platform(s): Oracle Linux 5
Product(s): java-1.5.0-ibm
Definition Synopsis:

CPE : Common Platform Enumeration

Type         Description  Count
Application               1
Application               1
Application               1

OpenVAS Exploits

Date        Description
2009-10-13  Name : SLES10: Security update for IBM Java 1.4.2
            File : nvt/sles10_java-1_4_2-ibm3.nasl
2009-10-13  Name : SLES10: Security update for IBM Java 1.5.0
            File : nvt/sles10_java-1_5_0-ibm4.nasl
2009-10-10  Name : SLES9: Security update for IBMJava5-JRE,IBMJava5-SDK
            File : nvt/sles9p5021818.nasl
2009-10-10  Name : SLES9: Security update for IBM Java 5 and JRE
            File : nvt/sles9p5023460.nasl
2009-10-10  Name : SLES9: Security update for IBM Java 2 JRE and SDK
            File : nvt/sles9p5023603.nasl
2009-01-23  Name : SuSE Update for IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm SUSE-SA:2008...
            File : nvt/gb_suse_2008_025.nasl
2008-09-24  Name : Gentoo Security Advisory GLSA 200709-15 (jrockit-jdk-bin)
            File : nvt/glsa_200709_15.nasl

Open Source Vulnerability Database (OSVDB)

id     Description
37766  Sun Java JDK / JRE TrueType Font Parsing Memory Overwrite

Nessus® Vulnerability Scanner

Date        Description
2013-02-22  Name : The remote Unix host has an application that is affected by a privilege escal...
            File : sun_java_jre_103024_unix.nasl - Type : ACT_GATHER_INFO
2013-01-24  Name : The remote Red Hat host is missing one or more security updates.
            File : redhat-RHSA-2007-1086.nasl - Type : ACT_GATHER_INFO
2009-09-24  Name : The remote SuSE 9 host is missing a security-related patch.
            File : suse9_12142.nasl - Type : ACT_GATHER_INFO
2009-08-24  Name : The remote Red Hat host is missing one or more security updates.
            File : redhat-RHSA-2007-0829.nasl - Type : ACT_GATHER_INFO
2009-08-24  Name : The remote Red Hat host is missing one or more security updates.
            File : redhat-RHSA-2007-0956.nasl - Type : ACT_GATHER_INFO
2009-08-24  Name : The remote Red Hat host is missing one or more security updates.
            File : redhat-RHSA-2008-0100.nasl - Type : ACT_GATHER_INFO
2009-08-24  Name : The remote Red Hat host is missing one or more security updates.
            File : redhat-RHSA-2008-0132.nasl - Type : ACT_GATHER_INFO
2008-04-25  Name : The remote SuSE 10 host is missing a security-related patch.
            File : suse_java-1_4_2-ibm-5182.nasl - Type : ACT_GATHER_INFO
2008-04-25  Name : The remote SuSE 10 host is missing a security-related patch.
            File : suse_java-1_5_0-ibm-5183.nasl - Type : ACT_GATHER_INFO
2007-12-17  Name : The remote host is affected by multiple vulnerabilities.
            File : macosx_java_rel6.nasl - Type : ACT_GATHER_INFO
2007-12-13  Name : The remote SuSE 10 host is missing a security-related patch.
            File : suse_java-1_5_0-ibm-4687.nasl - Type : ACT_GATHER_INFO
2007-09-25  Name : The remote Gentoo host is missing one or more security-related patches.
            File : gentoo_GLSA-200709-15.nasl - Type : ACT_GATHER_INFO
2007-08-17  Name : The remote Windows host has an application that is affected by a privilege es...
            File : sun_java_jre_103024.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

Source    Url
APPLE     http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
BEA       http://dev2dev.bea.com/pub/advisory/248
BID       http://www.securityfocus.com/bid/25340
CONFIRM   http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html
GENTOO    http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml
MISC      http://docs.info.apple.com/article.html?artnum=307177
REDHAT    http://www.redhat.com/support/errata/RHSA-2007-0956.html
          http://www.redhat.com/support/errata/RHSA-2007-1086.html
          http://www.redhat.com/support/errata/RHSA-2008-0100.html
          http://www.redhat.com/support/errata/RHSA-2008-0132.html
SECTRACK  http://www.securitytracker.com/id?1018576
SECUNIA   http://secunia.com/advisories/26402
          http://secunia.com/advisories/26631
          http://secunia.com/advisories/26933
          http://secunia.com/advisories/27203
          http://secunia.com/advisories/27716
          http://secunia.com/advisories/28056
          http://secunia.com/advisories/28115
          http://secunia.com/advisories/28777
          http://secunia.com/advisories/28880
          http://secunia.com/advisories/29340
          http://secunia.com/advisories/29897
SUNALERT  http://sunsolve.sun.com/search/document.do?assetkey=1-26-103024-1
SUSE      http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
VUPEN     http://www.vupen.com/english/advisories/2007/2910
          http://www.vupen.com/english/advisories/2007/3009
          http://www.vupen.com/english/advisories/2007/4224
XF        http://xforce.iss.net/xforce/xfdb/36061

Alert History

Date  Information
2014-02-17 10:41:21
  • Multiple Updates
2013-05-11 10:34:13
  • Multiple Updates