Unrated severityNVD Advisory· Published Jan 9, 2008· Updated Jun 16, 2026
CVE-2007-0012
CVE-2007-0012
Description
Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM.
Affected products
8cpe:2.3:a:sun:jre:*:update10:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:sun:jre:*:update10:*:*:*:*:*:*range: <=1.5.0
- cpe:2.3:a:sun:jre:*:update11:*:*:*:*:*:*range: <=1.5.0
- cpe:2.3:a:sun:jre:*:update12:*:*:*:*:*:*range: <=1.5.0
- cpe:2.3:a:sun:jre:*:update13:*:*:*:*:*:*range: <=1.5.0
- cpe:2.3:a:sun:jre:*:update7:*:*:*:*:*:*range: <=1.5.0
- cpe:2.3:a:sun:jre:*:update8:*:*:*:*:*:*range: <=1.5.0
- cpe:2.3:a:sun:jre:*:update9:*:*:*:*:*:*range: <=1.5.0
- (no CPE)range: <5.0 update 14
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.