Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2006-5870

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-04 Jan, 2007 | 11:00
Updated At-07 Aug, 2024 | 20:04
Rejected At-
Credits

Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:04 Jan, 2007 | 11:00
Updated At:07 Aug, 2024 | 20:04
Rejected At:
â–¼CVE Numbering Authority (CNA)

Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9145
vdb-entry
signature
x_refsource_OVAL
http://www.openoffice.org/issues/show_bug.cgi?id=70042
x_refsource_CONFIRM
http://secunia.com/advisories/23683
third-party-advisory
x_refsource_SECUNIA
http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/
x_refsource_MISC
http://secunia.com/advisories/23682
third-party-advisory
x_refsource_SECUNIA
http://osvdb.org/32611
vdb-entry
x_refsource_OSVDB
http://www.securityfocus.com/archive/1/455943/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/23920
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/23600
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-406-1
vendor-advisory
x_refsource_UBUNTU
http://www.kb.cert.org/vuls/id/220288
third-party-advisory
x_refsource_CERT-VN
http://secunia.com/advisories/23612
third-party-advisory
x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102735-1
vendor-advisory
x_refsource_SUNALERT
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0001.html
vendor-advisory
x_refsource_SUSE
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmly
mailing-list
x_refsource_VULNWATCH
http://secunia.com/advisories/23711
third-party-advisory
x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200701-07.xml
vendor-advisory
x_refsource_GENTOO
http://osvdb.org/32610
vdb-entry
x_refsource_OSVDB
http://www.vupen.com/english/advisories/2007/0031
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/23712
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/455947/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/23616
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2007-0001.html
vendor-advisory
x_refsource_REDHAT
http://fedoranews.org/cms/node/2344
vendor-advisory
x_refsource_FEDORA
https://issues.rpath.com/browse/RPL-905
x_refsource_CONFIRM
http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patch
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/455954/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8280
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/23620
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/31257
vdb-entry
x_refsource_XF
http://secunia.com/advisories/23549
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/0059
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/archive/1/455964/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/456271/100/100/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.debian.org/security/2007/dsa-1246
vendor-advisory
x_refsource_DEBIAN
ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc
vendor-advisory
x_refsource_SGI
http://www.mandriva.com/security/advisories?name=MDKSA-2007:006
vendor-advisory
x_refsource_MANDRIVA
http://securitytracker.com/id?1017466
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/23762
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9145
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.openoffice.org/issues/show_bug.cgi?id=70042
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/23683
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/23682
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://osvdb.org/32611
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.securityfocus.com/archive/1/455943/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/23920
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/23600
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/usn-406-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.kb.cert.org/vuls/id/220288
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://secunia.com/advisories/23612
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102735-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2007-Jan/0001.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmly
Resource:
mailing-list
x_refsource_VULNWATCH
Hyperlink: http://secunia.com/advisories/23711
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://security.gentoo.org/glsa/glsa-200701-07.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://osvdb.org/32610
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.vupen.com/english/advisories/2007/0031
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/23712
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/455947/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/23616
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0001.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://fedoranews.org/cms/node/2344
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://issues.rpath.com/browse/RPL-905
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patch
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/archive/1/455954/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8280
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/23620
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/31257
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/23549
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2007/0059
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/archive/1/455964/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/456271/100/100/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.debian.org/security/2007/dsa-1246
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc
Resource:
vendor-advisory
x_refsource_SGI
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:006
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://securitytracker.com/id?1017466
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/23762
Resource:
third-party-advisory
x_refsource_SECUNIA
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9145
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.openoffice.org/issues/show_bug.cgi?id=70042
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/23683
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/
x_refsource_MISC
x_transferred
http://secunia.com/advisories/23682
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://osvdb.org/32611
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.securityfocus.com/archive/1/455943/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/23920
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/23600
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/usn-406-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.kb.cert.org/vuls/id/220288
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://secunia.com/advisories/23612
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102735-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0001.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmly
mailing-list
x_refsource_VULNWATCH
x_transferred
http://secunia.com/advisories/23711
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://security.gentoo.org/glsa/glsa-200701-07.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://osvdb.org/32610
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.vupen.com/english/advisories/2007/0031
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/23712
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/455947/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/23616
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2007-0001.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://fedoranews.org/cms/node/2344
vendor-advisory
x_refsource_FEDORA
x_transferred
https://issues.rpath.com/browse/RPL-905
x_refsource_CONFIRM
x_transferred
http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patch
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/archive/1/455954/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8280
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/23620
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/31257
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/23549
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2007/0059
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/archive/1/455964/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/archive/1/456271/100/100/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.debian.org/security/2007/dsa-1246
vendor-advisory
x_refsource_DEBIAN
x_transferred
ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc
vendor-advisory
x_refsource_SGI
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2007:006
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://securitytracker.com/id?1017466
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/23762
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9145
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.openoffice.org/issues/show_bug.cgi?id=70042
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/23683
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/23682
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://osvdb.org/32611
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/455943/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/23920
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/23600
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-406-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/220288
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://secunia.com/advisories/23612
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102735-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2007-Jan/0001.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmly
Resource:
mailing-list
x_refsource_VULNWATCH
x_transferred
Hyperlink: http://secunia.com/advisories/23711
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200701-07.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://osvdb.org/32610
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/0031
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/23712
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/455947/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/23616
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0001.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://fedoranews.org/cms/node/2344
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://issues.rpath.com/browse/RPL-905
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patch
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/455954/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8280
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/23620
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/31257
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/23549
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/0059
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/455964/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/456271/100/100/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.debian.org/security/2007/dsa-1246
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc
Resource:
vendor-advisory
x_refsource_SGI
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:006
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://securitytracker.com/id?1017466
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/23762
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:31 Dec, 2006 | 05:00
Updated At:23 Apr, 2026 | 00:35

Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
openoffice
openoffice
>>openoffice>>Versions up to 2.0.4(inclusive)
cpe:2.3:a:openoffice:openoffice:*:*:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>staroffice>>6.0
cpe:2.3:a:sun:staroffice:6.0:*:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>staroffice>>7.0
cpe:2.3:a:sun:staroffice:7.0:*:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>staroffice>>8.0
cpe:2.3:a:sun:staroffice:8.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-189Primarynvd@nist.gov
CWE ID: CWE-189
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2007-03-14T00:00:00

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References
HyperlinkSourceResource
ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asccve@mitre.org
N/A
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmlycve@mitre.org
N/A
http://fedoranews.org/cms/node/2344cve@mitre.org
N/A
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0001.htmlcve@mitre.org
N/A
http://osvdb.org/32610cve@mitre.org
N/A
http://osvdb.org/32611cve@mitre.org
N/A
http://secunia.com/advisories/23549cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/23600cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/23612cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/23616cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/23620cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/23682cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/23683cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/23711cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/23712cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/23762cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/23920cve@mitre.org
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200701-07.xmlcve@mitre.org
N/A
http://securitytracker.com/id?1017466cve@mitre.org
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102735-1cve@mitre.org
N/A
http://www.debian.org/security/2007/dsa-1246cve@mitre.org
N/A
http://www.kb.cert.org/vuls/id/220288cve@mitre.org
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:006cve@mitre.org
N/A
http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/cve@mitre.org
N/A
http://www.openoffice.org/issues/show_bug.cgi?id=70042cve@mitre.org
Patch
http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patchcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2007-0001.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/455943/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/455947/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/455954/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/455964/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/456271/100/100/threadedcve@mitre.org
N/A
http://www.ubuntu.com/usn/usn-406-1cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2007/0031cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2007/0059cve@mitre.org
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31257cve@mitre.org
N/A
https://issues.rpath.com/browse/RPL-905cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8280cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9145cve@mitre.org
N/A
ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.ascaf854a3a-2127-422b-91ae-364da2661108
N/A
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmlyaf854a3a-2127-422b-91ae-364da2661108
N/A
http://fedoranews.org/cms/node/2344af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/32610af854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/32611af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/23549af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/23600af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/23612af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/23616af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/23620af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/23682af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/23683af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/23711af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/23712af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/23762af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/23920af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200701-07.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1017466af854a3a-2127-422b-91ae-364da2661108
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102735-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2007/dsa-1246af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/220288af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:006af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openoffice.org/issues/show_bug.cgi?id=70042af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patchaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2007-0001.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/455943/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/455947/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/455954/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/455964/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/456271/100/100/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/usn-406-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2007/0031af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2007/0059af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31257af854a3a-2127-422b-91ae-364da2661108
N/A
https://issues.rpath.com/browse/RPL-905af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8280af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9145af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmly
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://fedoranews.org/cms/node/2344
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2007-Jan/0001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/32610
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/32611
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/23549
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23600
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23612
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23616
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23620
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23682
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23683
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23711
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23712
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23762
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23920
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200701-07.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1017466
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102735-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2007/dsa-1246
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/220288
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:006
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openoffice.org/issues/show_bug.cgi?id=70042
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patch
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0001.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/455943/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/455947/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/455954/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/455964/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/456271/100/100/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-406-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2007/0031
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2007/0059
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/31257
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://issues.rpath.com/browse/RPL-905
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8280
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9145
Source: cve@mitre.org
Resource: N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmly
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://fedoranews.org/cms/node/2344
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2007-Jan/0001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/32610
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/32611
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/23549
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23600
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23612
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23616
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23620
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23682
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23683
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23711
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23712
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23762
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23920
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200701-07.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1017466
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102735-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2007/dsa-1246
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/220288
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:006
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openoffice.org/issues/show_bug.cgi?id=70042
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patch
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/455943/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/455947/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/455954/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/455964/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/456271/100/100/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-406-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2007/0031
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2007/0059
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/31257
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://issues.rpath.com/browse/RPL-905
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8280
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9145
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

92Records found
CVE-2009-3866
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.18% / 92.58%
||
7 Day CHG~0.00%
Published-05 Nov, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjren/a
CVE-2010-3645
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-5.21% / 91.42%
||
7 Day CHG~0.00%
Published-07 Nov, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CVE-2009-4502
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-21.57% / 97.30%
||
7 Day CHG~0.00%
Published-31 Dec, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.

Action-Not Available
Vendor-n/aFreeBSD FoundationZABBIXSun Microsystems (Oracle Corporation)
Product-solarisfreebsdzabbixn/a
CVE-2009-3873
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-4.21% / 89.69%
||
7 Day CHG~0.00%
Published-05 Nov, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.

Action-Not Available
Vendor-n/aMicrosoft CorporationSun Microsystems (Oracle Corporation)
Product-jdkjrejava_sesolariswindowssdkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-3874
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-9.53% / 94.83%
||
7 Day CHG~0.00%
Published-05 Nov, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.

Action-Not Available
Vendor-n/aMicrosoft CorporationSun Microsystems (Oracle Corporation)
Product-jdkjrejava_sesolariswindowssdkn/a
CVE-2009-3869
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-65.46% / 99.16%
||
7 Day CHG~0.00%
Published-05 Nov, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.

Action-Not Available
Vendor-n/aMicrosoft CorporationSun Microsystems (Oracle Corporation)
Product-jdkjrejava_sesolariswindowssdkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-3878
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-2.45% / 82.31%
||
7 Day CHG~0.00%
Published-05 Nov, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Action-Not Available
Vendor-intevydisn/aSun Microsystems (Oracle Corporation)
Product-java_system_web_servervulndisco_packn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-3871
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.84% / 93.20%
||
7 Day CHG~0.00%
Published-05 Nov, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.

Action-Not Available
Vendor-n/aMicrosoft CorporationSun Microsystems (Oracle Corporation)
Product-jdkjrejava_sesolariswindowssdkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-4211
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.69% / 74.12%
||
7 Day CHG~0.00%
Published-04 Dec, 2009 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain privileges via a Trojan horse program.

Action-Not Available
Vendor-disan/aSun Microsystems (Oracle Corporation)
Product-solarissrr_for_solarisn/a
CVE-2009-3571
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.29% / 66.58%
||
7 Day CHG~0.00%
Published-06 Oct, 2009 | 20:19
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Action-Not Available
Vendor-openofficen/a
Product-openoffice.orgn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2139
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.48% / 92.87%
||
7 Day CHG~0.00%
Published-08 Sep, 2009 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-openoffice.orgn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1671
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-10.34% / 95.12%
||
7 Day CHG~0.00%
Published-18 May, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4) getStaticCLSID, or (5) launch method.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0723
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.03% / 91.15%
||
7 Day CHG~0.00%
Published-23 Mar, 2009 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-littlecmsn/aGIMPMozilla CorporationSun Microsystems (Oracle Corporation)
Product-little_cmsopenjdkfirefoxgimpn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2009-0259
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-7.50% / 93.70%
||
7 Day CHG~0.00%
Published-22 Jan, 2009 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.

Action-Not Available
Vendor-openofficen/a
Product-openoffice.orgn/a
CVE-2009-0201
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-9.3||HIGH
EPSS-6.72% / 93.09%
||
7 Day CHG~0.00%
Published-02 Sep, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."

Action-Not Available
Vendor-openofficen/a
Product-openoffice.orgn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0200
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-9.3||HIGH
EPSS-6.72% / 93.09%
||
7 Day CHG~0.00%
Published-02 Sep, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.

Action-Not Available
Vendor-openofficen/a
Product-openoffice.orgn/a
CVE-2008-5357
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-10.02% / 95.01%
||
7 Day CHG~0.00%
Published-05 Dec, 2008 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CVE-2008-5354
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-4.80% / 90.80%
||
7 Day CHG~0.00%
Published-05 Dec, 2008 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-5352
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.06% / 85.90%
||
7 Day CHG~0.00%
Published-05 Dec, 2008 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjren/a
CVE-2008-5662
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.31% / 86.99%
||
7 Day CHG~0.00%
Published-17 Dec, 2008 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC 2.5.2 and earlier allow downloaded programs to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_wireless_toolkit_for_cldcn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-5359
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-10.78% / 95.27%
||
7 Day CHG~0.00%
Published-05 Dec, 2008 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-5356
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-8.91% / 94.56%
||
7 Day CHG~0.00%
Published-05 Dec, 2008 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3103
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.04% / 91.19%
||
7 Day CHG~0.00%
Published-09 Jul, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjren/a
CVE-2008-2705
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.57% / 87.88%
||
7 Day CHG~0.00%
Published-16 Jun, 2008 | 18:26
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_system_access_managern/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-2086
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-7.32% / 93.59%
||
7 Day CHG~0.00%
Published-05 Dec, 2008 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-0965
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.70% / 92.02%
||
7 Day CHG~0.00%
Published-08 Aug, 2008 | 18:12
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-opensolarissolarissunosn/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2008-1188
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-12.48% / 95.70%
||
7 Day CHG~0.00%
Published-06 Mar, 2008 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-1190
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-16.90% / 96.66%
||
7 Day CHG~0.00%
Published-06 Mar, 2008 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CVE-2008-1186
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.56% / 91.84%
||
7 Day CHG~0.00%
Published-06 Mar, 2008 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka "the second issue."

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CVE-2008-1195
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.68% / 92.00%
||
7 Day CHG~0.00%
Published-06 Mar, 2008 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.

Action-Not Available
Vendor-n/aCanonical Ltd.Sun Microsystems (Oracle Corporation)
Product-ubuntu_linuxjdkjresdkn/a
CVE-2008-1185
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.63% / 91.94%
||
7 Day CHG~0.00%
Published-06 Mar, 2008 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186, aka "the first issue."

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CVE-2008-0964
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-13.51% / 95.96%
||
7 Day CHG~0.00%
Published-08 Aug, 2008 | 18:12
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-opensolarissolarissunosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-1999-0320
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.32% / 67.12%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-sunossolarisn/a
CVE-2007-4575
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-14.35% / 96.15%
||
7 Day CHG~0.00%
Published-06 Dec, 2007 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."

Action-Not Available
Vendor-openofficen/a
Product-openofficen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-3504
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.42% / 92.81%
||
7 Day CHG~0.00%
Published-30 Jun, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file.

Action-Not Available
Vendor-n/aMicrosoft CorporationSun Microsystems (Oracle Corporation)
Product-windowsjdkjresdkn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-0245
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.02% / 92.41%
||
7 Day CHG~0.00%
Published-12 Jun, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.

Action-Not Available
Vendor-openofficen/a
Product-openofficen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-6745
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.06% / 85.89%
||
7 Day CHG~0.00%
Published-26 Dec, 2006 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jrej2sen/a
CVE-2006-6731
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.63% / 88.08%
||
7 Day CHG~0.00%
Published-26 Dec, 2006 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CVE-2008-1193
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-12.50% / 95.70%
||
7 Day CHG~0.00%
Published-06 Mar, 2008 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjren/a
CVE-2004-1029
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-17.02% / 96.68%
||
7 Day CHG~0.00%
Published-24 Nov, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

Action-Not Available
Vendor-conectivan/aHP Inc.Symantec CorporationGentoo Foundation, Inc.Sun Microsystems (Oracle Corporation)
Product-linuxenterprise_firewalljdkhp-uxjava_sdk-rtejregateway_security_5400n/a
CVE-2003-1572
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.72% / 74.51%
||
7 Day CHG~0.00%
Published-01 Jun, 2009 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jmfn/a
CVE-2010-3646
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-5.21% / 91.41%
||
7 Day CHG~0.00%
Published-07 Nov, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CVE-2007-0239
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.48% / 87.58%
||
7 Day CHG~0.00%
Published-21 Mar, 2007 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.

Action-Not Available
Vendor-openofficen/a
Product-openofficen/a
CVE-2013-5832
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-4.75% / 90.72%
||
7 Day CHG~0.00%
Published-16 Oct, 2013 | 17:31
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5852.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-jdkjren/a
CVE-2013-5850
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-5.50% / 91.77%
||
7 Day CHG-0.02%
Published-16 Oct, 2013 | 17:31
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5842.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-jrejdkn/a
CVE-2013-3743
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-6.08% / 92.48%
||
7 Day CHG~0.00%
Published-18 Jun, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-jrejdkn/a
CVE-2012-0504
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-3.85% / 88.78%
||
7 Day CHG-0.04%
Published-15 Feb, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-jrejdkn/a
CVE-2011-3551
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-4.55% / 90.36%
||
7 Day CHG~0.00%
Published-19 Oct, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-jrockitjdkjren/a
CVE-2011-2424
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-6.91% / 93.26%
||
7 Day CHG~0.00%
Published-15 Aug, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures."

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xsunoswindowsflash_playerandroidlinux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2430
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-6.27% / 92.67%
||
7 Day CHG~0.00%
Published-22 Sep, 2011 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsunoswindowsflash_playerandroidlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • Next
Details not found