CVE-2007-4381

Executive Summary

Informations
Name	CVE-2007-4381	First vendor Publication	2007-08-17
Vendor	Cve	Last vendor Modification	2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

Impacts

Provides administrator access : Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4381

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10290

Oval ID:	oval:org.mitre.oval:def:10290
Title:	Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
Description:	Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-4381	Version:	3
Platform(s):	Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5	Product(s):
Definition Synopsis:
IF redhat-release is version 3 AND java-1.4.2-ibm-devel is earlier than 0:1.4.2.10-1jpp.2.el3 AND java-1.4.2-ibm is earlier than 0:1.4.2.10-1jpp.2.el3 AND java-1.4.2-bea is earlier than 0:1.4.2.16-1jpp.1.el3 AND java-1.4.2-ibm-src is earlier than 0:1.4.2.10-1jpp.2.el3 AND java-1.4.2-bea-devel is earlier than 0:1.4.2.16-1jpp.1.el3 AND java-1.4.2-bea-jdbc is earlier than 0:1.4.2.16-1jpp.1.el3 AND java-1.4.2-ibm-plugin is earlier than 0:1.4.2.10-1jpp.2.el3 AND java-1.4.2-ibm-jdbc is earlier than 0:1.4.2.10-1jpp.2.el3 AND java-1.4.2-ibm-demo is earlier than 0:1.4.2.10-1jpp.2.el3 OR redhat-release is version 4 AND java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.5-1jpp.2.el4 AND java-1.5.0-ibm-devel is earlier than 1:1.5.0.5-1jpp.2.el4 AND java-1.4.2-ibm-devel is earlier than 0:1.4.2.10-1jpp.2.el4 AND java-1.4.2-bea is earlier than 0:1.4.2.16-1jpp.1.el4 AND java-1.4.2-ibm-src is earlier than 0:1.4.2.10-1jpp.2.el4 AND java-1.4.2-bea-devel is earlier than 0:1.4.2.16-1jpp.1.el4 AND java-1.4.2-bea-jdbc is earlier than 0:1.4.2.16-1jpp.1.el4 AND java-1.4.2-ibm-plugin is earlier than 0:1.4.2.10-1jpp.2.el4 AND java-1.5.0-ibm-plugin is earlier than 1:1.5.0.5-1jpp.2.el4 AND java-1.5.0-bea-jdbc is earlier than 0:1.5.0.11-1jpp.2.el4 AND java-1.4.2-ibm-demo is earlier than 0:1.4.2.10-1jpp.2.el4 AND java-1.5.0-bea is earlier than 0:1.5.0.11-1jpp.2.el4 AND java-1.5.0-ibm-src is earlier than 1:1.5.0.5-1jpp.2.el4 AND java-1.5.0-ibm-demo is earlier than 1:1.5.0.5-1jpp.2.el4 AND java-1.4.2-ibm is earlier than 0:1.4.2.10-1jpp.2.el4 AND java-1.4.2-ibm-javacomm is earlier than 0:1.4.2.10-1jpp.2.el4 AND java-1.5.0-bea-src is earlier than 0:1.5.0.11-1jpp.2.el4 AND java-1.5.0-bea-demo is earlier than 0:1.5.0.11-1jpp.2.el4 AND java-1.5.0-ibm is earlier than 1:1.5.0.5-1jpp.2.el4 AND java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.5-1jpp.2.el4 AND java-1.4.2-ibm-jdbc is earlier than 0:1.4.2.10-1jpp.2.el4 AND java-1.5.0-bea-devel is earlier than 0:1.5.0.11-1jpp.2.el4 OR redhat-release is version 5 AND java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.5-1jpp.0.1.el5 AND java-1.5.0-ibm-devel is earlier than 1:1.5.0.5-1jpp.0.1.el5 AND java-1.4.2-bea-missioncontrol is earlier than 0:1.4.2.16-1jpp.1.el5 AND java-1.4.2-ibm-devel is earlier than 0:1.4.2.10-1jpp.2.el5 AND java-1.4.2-bea is earlier than 0:1.4.2.16-1jpp.1.el5 AND java-1.4.2-ibm-src is earlier than 0:1.4.2.10-1jpp.2.el5 AND java-1.4.2-bea-devel is earlier than 0:1.4.2.16-1jpp.1.el5 AND java-1.4.2-bea-jdbc is earlier than 0:1.4.2.16-1jpp.1.el5 AND java-1.4.2-ibm-plugin is earlier than 0:1.4.2.10-1jpp.2.el5 AND java-1.5.0-ibm-plugin is earlier than 1:1.5.0.5-1jpp.0.1.el5 AND java-1.5.0-bea-jdbc is earlier than 0:1.5.0.11-1jpp.1.el5 AND java-1.4.2-ibm-demo is earlier than 0:1.4.2.10-1jpp.2.el5 AND java-1.5.0-bea is earlier than 0:1.5.0.11-1jpp.1.el5 AND java-1.4.2-bea-demo is earlier than 0:1.4.2.16-1jpp.1.el5 AND java-1.5.0-ibm-src is earlier than 1:1.5.0.5-1jpp.0.1.el5 AND java-1.5.0-ibm-demo is earlier than 1:1.5.0.5-1jpp.0.1.el5 AND java-1.4.2-ibm is earlier than 0:1.4.2.10-1jpp.2.el5 AND java-1.5.0-bea-src is earlier than 0:1.5.0.11-1jpp.1.el5 AND java-1.5.0-bea-missioncontrol is earlier than 0:1.5.0.11-1jpp.1.el5 AND java-1.4.2-ibm-javacomm is earlier than 0:1.4.2.10-1jpp.2.el5 AND java-1.5.0-ibm is earlier than 1:1.5.0.5-1jpp.0.1.el5 AND java-1.5.0-bea-demo is earlier than 0:1.5.0.11-1jpp.1.el5 AND java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.5-1jpp.0.1.el5 AND java-1.4.2-ibm-jdbc is earlier than 0:1.4.2.10-1jpp.2.el5 AND java-1.5.0-bea-devel is earlier than 0:1.5.0.11-1jpp.1.el5 AND java-1.4.2-bea-src is earlier than 0:1.4.2.16-1jpp.1.el5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Sun Jdk cpe:/a:sun:jdk:1.5.0:update9	1
Application	Sun Jre cpe:/a:sun:jre:1.4.2:update14	1
Application	Sun Sdk cpe:/a:sun:sdk:1.4.2_14	1

Open Source Vulnerability Database (OSVDB)

id	Description
37766	Sun Java JDK / JRE TrueType Font Parsing Memory Overwrite

Internal Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
BEA	http://dev2dev.bea.com/pub/advisory/248
BID	http://www.securityfocus.com/bid/25340
CONFIRM	http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html
GENTOO	http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml
MISC	http://docs.info.apple.com/article.html?artnum=307177
REDHAT	http://www.redhat.com/support/errata/RHSA-2007-0956.html http://www.redhat.com/support/errata/RHSA-2007-1086.html http://www.redhat.com/support/errata/RHSA-2008-0100.html http://www.redhat.com/support/errata/RHSA-2008-0132.html
SECTRACK	http://www.securitytracker.com/id?1018576
SECUNIA	http://secunia.com/advisories/26402 http://secunia.com/advisories/26631 http://secunia.com/advisories/26933 http://secunia.com/advisories/27203 http://secunia.com/advisories/27716 http://secunia.com/advisories/28056 http://secunia.com/advisories/28115 http://secunia.com/advisories/28777 http://secunia.com/advisories/28880 http://secunia.com/advisories/29340 http://secunia.com/advisories/29897
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103024-1
SUSE	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
VUPEN	http://www.vupen.com/english/advisories/2007/2910 http://www.vupen.com/english/advisories/2007/3009 http://www.vupen.com/english/advisories/2007/4224
XF	http://xforce.iss.net/xforce/xfdb/36061

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 10:34:13	Multiple Updates

Type	Count
Oval ID(s)	1
CPE ID(s)	3
osvdb(s)	1

Related	Severity
SUN-103024	(Critical)
RHSA-2008:0132	(Critical)
RHSA-2008:0100	(Critical)
RHSA-2007:1086	(Critical)
RHSA-2007:0956	(Critical)
GLSA-200709-15	(Critical)

Same Subject	Severity
Login to view 16 more Alert(s)

CVE-2007-4381

Executive Summary

Security-Database Scoring CVSS v2

Security Protection

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Internal Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU