{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-02-05T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. NOTE: the previous information is from Oracle's Security Alert for CVE-2016-0603. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the \"application directory.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"name": "83008", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/83008"}, {"name": "GLSA-201610-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201610-08"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html"}, {"name": "20160210 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Feb/54"}, {"name": "20160205 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/537462/100/0/threaded"}, {"name": "1034969", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034969"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20160217-0001/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2016-0603", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. NOTE: the previous information is from Oracle's Security Alert for CVE-2016-0603. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the \"application directory.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "83008", "refsource": "BID", "url": "http://www.securityfocus.com/bid/83008"}, {"name": "GLSA-201610-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201610-08"}, {"name": "http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html"}, {"name": "20160210 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Feb/54"}, {"name": "20160205 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/537462/100/0/threaded"}, {"name": "1034969", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034969"}, {"name": "https://security.netapp.com/advisory/ntap-20160217-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20160217-0001/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:22:55.902Z"}, "title": "CVE Program Container", "references": [{"name": "83008", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/83008"}, {"name": "GLSA-201610-08", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201610-08"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html"}, {"name": "20160210 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/Feb/54"}, {"name": "20160205 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/537462/100/0/threaded"}, {"name": "1034969", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034969"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20160217-0001/"}]}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2016-0603", "datePublished": "2016-02-08T16:00:00", "dateReserved": "2015-12-09T00:00:00", "dateUpdated": "2024-08-05T22:22:55.902Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update111:*:*:*:*:*:*", "matchCriteriaId": "C7243E86-0975-4F38-8B73-D777EF149544", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update95:*:*:*:*:*:*", "matchCriteriaId": "BEE03083-0501-4BEE-869A-8F04A5523A75", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update71:*:*:*:*:*:*", "matchCriteriaId": "3ECD43E4-BA5B-4F4B-A0F4-7AF2DED497DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update72:*:*:*:*:*:*", "matchCriteriaId": "4A71D7DA-58C4-4070-9FB1-1FF9C4B4573A", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update111:*:*:*:*:*:*", "matchCriteriaId": "17219CC8-22FF-4E19-AF3D-FB6323D0C72B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update95:*:*:*:*:*:*", "matchCriteriaId": "A3B6676E-CF9C-4680-B5E5-641C08284D2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update72:*:*:*:*:*:*", "matchCriteriaId": "93A8C261-0440-432B-A650-E87C6DC42D74", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. NOTE: the previous information is from Oracle's Security Alert for CVE-2016-0603. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the \"application directory.\""}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente Java SE en Oracle Java SE 6u111, 7u95, 8u71 y 8u72, cuando se est\u00e1 ejecutando en Windows, permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos relacionados con Install. NOTA: la informaci\u00f3n anterior proviene de Oracle's Security Alert para CVE-2016-0603. Oracle no ha comentado sobre las reclamaciones de terceros que esto es un problema de b\u00fasqueda de ruta no confiable que permite a usuarios locales obtener privilegios a trav\u00e9s de un troyano dll en el \"directorio aplicaci\u00f3n\"."}], "id": "CVE-2016-0603", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-02-08T16:59:01.737", "references": [{"source": "secalert_us@oracle.com", "url": "http://seclists.org/fulldisclosure/2016/Feb/54"}, {"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/archive/1/537462/100/0/threaded"}, {"source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/bid/83008"}, {"source": "secalert_us@oracle.com", "url": "http://www.securitytracker.com/id/1034969"}, {"source": "secalert_us@oracle.com", "url": "https://security.gentoo.org/glsa/201610-08"}, {"source": "secalert_us@oracle.com", "url": "https://security.netapp.com/advisory/ntap-20160217-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2016/Feb/54"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/537462/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/83008"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034969"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201610-08"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20160217-0001/"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}