OpenCVE

Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. NOTE: the previous information is from Oracle's Security Alert for CVE-2016-0603. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the "application directory."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:H/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Oracle	Jdk Jre

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:oracle:jre:1.6.0:update111::::::
	cpe:2.3:a:oracle:jre:1.7.0:update95::::::
	cpe:2.3:a:oracle:jre:1.8.0:update71::::::
	cpe:2.3:a:oracle:jre:1.8.0:update72::::::

Configuration 2 [-]

AND

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:oracle:jdk:1.6.0:update111::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update95::::::
	cpe:2.3:a:oracle:jdk:1.8.0:update72::::::

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2016/Feb/54
http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html
http://www.securityfocus.com/archive/1/537462/100/0/threaded
http://www.securityfocus.com/bid/83008
http://www.securitytracker.com/id/1034969
https://security.gentoo.org/glsa/201610-08
https://security.netapp.com/advisory/ntap-20160217-0001/

History

No history.

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2016-02-08T16:00:00

Updated: 2024-08-05T22:22:55.902Z

Reserved: 2015-12-09T00:00:00

Link: CVE-2016-0603

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-02-08T16:59:01.737

Modified: 2024-11-21T02:42:01.257

Link: CVE-2016-0603

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-02-05T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. NOTE: the previous information is from Oracle's Security Alert for CVE-2016-0603. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the \"application directory.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"name": "83008", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/83008"}, {"name": "GLSA-201610-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201610-08"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html"}, {"name": "20160210 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Feb/54"}, {"name": "20160205 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/537462/100/0/threaded"}, {"name": "1034969", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034969"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20160217-0001/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2016-0603", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. NOTE: the previous information is from Oracle's Security Alert for CVE-2016-0603. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the \"application directory.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "83008", "refsource": "BID", "url": "http://www.securityfocus.com/bid/83008"}, {"name": "GLSA-201610-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201610-08"}, {"name": "http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html"}, {"name": "20160210 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Feb/54"}, {"name": "20160205 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/537462/100/0/threaded"}, {"name": "1034969", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034969"}, {"name": "https://security.netapp.com/advisory/ntap-20160217-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20160217-0001/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:22:55.902Z"}, "title": "CVE Program Container", "references": [{"name": "83008", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/83008"}, {"name": "GLSA-201610-08", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201610-08"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html"}, {"name": "20160210 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/Feb/54"}, {"name": "20160205 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/537462/100/0/threaded"}, {"name": "1034969", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034969"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20160217-0001/"}]}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2016-0603", "datePublished": "2016-02-08T16:00:00", "dateReserved": "2015-12-09T00:00:00", "dateUpdated": "2024-08-05T22:22:55.902Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update111:*:*:*:*:*:*", "matchCriteriaId": "C7243E86-0975-4F38-8B73-D777EF149544", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update95:*:*:*:*:*:*", "matchCriteriaId": "BEE03083-0501-4BEE-869A-8F04A5523A75", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update71:*:*:*:*:*:*", "matchCriteriaId": "3ECD43E4-BA5B-4F4B-A0F4-7AF2DED497DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update72:*:*:*:*:*:*", "matchCriteriaId": "4A71D7DA-58C4-4070-9FB1-1FF9C4B4573A", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update111:*:*:*:*:*:*", "matchCriteriaId": "17219CC8-22FF-4E19-AF3D-FB6323D0C72B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update95:*:*:*:*:*:*", "matchCriteriaId": "A3B6676E-CF9C-4680-B5E5-641C08284D2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update72:*:*:*:*:*:*", "matchCriteriaId": "93A8C261-0440-432B-A650-E87C6DC42D74", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. NOTE: the previous information is from Oracle's Security Alert for CVE-2016-0603. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the \"application directory.\""}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente Java SE en Oracle Java SE 6u111, 7u95, 8u71 y 8u72, cuando se est\u00e1 ejecutando en Windows, permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos relacionados con Install. NOTA: la informaci\u00f3n anterior proviene de Oracle's Security Alert para CVE-2016-0603. Oracle no ha comentado sobre las reclamaciones de terceros que esto es un problema de b\u00fasqueda de ruta no confiable que permite a usuarios locales obtener privilegios a trav\u00e9s de un troyano dll en el \"directorio aplicaci\u00f3n\"."}], "id": "CVE-2016-0603", "lastModified": "2024-11-21T02:42:01.257", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-02-08T16:59:01.737", "references": [{"source": "secalert_us@oracle.com", "url": "http://seclists.org/fulldisclosure/2016/Feb/54"}, {"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/archive/1/537462/100/0/threaded"}, {"source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/bid/83008"}, {"source": "secalert_us@oracle.com", "url": "http://www.securitytracker.com/id/1034969"}, {"source": "secalert_us@oracle.com", "url": "https://security.gentoo.org/glsa/201610-08"}, {"source": "secalert_us@oracle.com", "url": "https://security.netapp.com/advisory/ntap-20160217-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2016/Feb/54"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/537462/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/83008"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034969"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201610-08"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20160217-0001/"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}