VYPR
Unrated severityNVD Advisory· Published Jan 9, 2008· Updated Jun 16, 2026

CVE-2007-0012

CVE-2007-0012

Description

Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM.

Affected products

8
  • cpe:2.3:a:sun:jre:*:update10:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:sun:jre:*:update10:*:*:*:*:*:*range: <=1.5.0
    • cpe:2.3:a:sun:jre:*:update11:*:*:*:*:*:*range: <=1.5.0
    • cpe:2.3:a:sun:jre:*:update12:*:*:*:*:*:*range: <=1.5.0
    • cpe:2.3:a:sun:jre:*:update13:*:*:*:*:*:*range: <=1.5.0
    • cpe:2.3:a:sun:jre:*:update7:*:*:*:*:*:*range: <=1.5.0
    • cpe:2.3:a:sun:jre:*:update8:*:*:*:*:*:*range: <=1.5.0
    • cpe:2.3:a:sun:jre:*:update9:*:*:*:*:*:*range: <=1.5.0
    • (no CPE)range: <5.0 update 14

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.