QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2010-3559

Back to search

CVE-2010-3559

Published: Oct 19, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.

VendorProductVersions

n/a

n/a

affected
n/a

References

HPSBMU02799
vendor-advisory
x_refsource_HP
RHSA-2010:0770
vendor-advisory
x_refsource_REDHAT
SSRT100333
vendor-advisory
x_refsource_HP
oval:org.mitre.oval:def:11880
vdb-entry
signature
x_refsource_OVAL
44026
vdb-entry
x_refsource_BID
RHSA-2010:0873
vendor-advisory
x_refsource_REDHAT
oval:org.mitre.oval:def:12556
vdb-entry
signature
x_refsource_OVAL
42974
third-party-advisory
x_refsource_SECUNIA
HPSBUX02608
vendor-advisory
x_refsource_HP
SUSE-SR:2010:019
vendor-advisory
x_refsource_SUSE
41967
third-party-advisory
x_refsource_SECUNIA
RHSA-2010:0807
vendor-advisory
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now