PT-2010-1172 · Oracle+2 · Java Se+3

Published

2010-04-01

·

Updated

2025-03-13

·

CVE-2010-0840

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Java SE versions 6 Update 18, 5.0 Update 23, and 1.4.2 25
Description The issue allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. It is claimed by a reliable researcher to be related to improper checks when executing privileged methods in the Java Runtime Environment, which could allow attackers to execute arbitrary code via an untrusted object that extends the trusted class or a similar trust issue with interfaces.
Recommendations For Java SE versions 6 Update 18, 5.0 Update 23, and 1.4.2 25, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2022-03394
CVE-2010-0840
HPSBUX02524
RHSA-2010:0337
RHSA-2010:0338
RHSA-2010:0339
RHSA-2010:0383
RHSA-2010:0471
RHSA-2010:0489
RHSA-2010:0574
RHSA-2010:0586
RHSA-2010_0339
ZDI-10-056

Affected Products

Hp-Ux
Java Platform
Java Se
Red Hat