VDB
CVE-2016-0603
CVE-2016-0603
PUBLISHED
CVSS 7.599999904632568 HIGH
Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. NOTE: the previous information is from Oracle's Security Alert for CVE-2016-0603. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the "application directory."
EPSS 3.22% · 87.3th percentile
Risk Scores
CVSS 2.0
7.599999904632568
EPSS Score
3.22%
87.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oracle | jdk | 1.7.0, 1.8.0, 1.6.0 |
| Oracle | N/A | |
| n/a | n/a | n/a |
| oracle | jre | 1.6.0, 1.7.0, 1.8.0 |
Exploit Intelligence
- 83008 (circl)
- GLSA-201610-08 (circl)
- http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html (circl)
- 20160210 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox (circl)
- 20160205 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox (circl)
- 1034969 (circl)
- https://security.netapp.com/advisory/ntap-20160217-0001/ (circl)
- A Simple PoC for CVE-2012-4681 (github-poc)
- A Simple PoC for CVE-2012-4681 (github-poc)
- A Simple PoC for CVE-2012-4681 (github-poc)
…and 13 more exploits
Timeline
- Feb 8, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 26, 2023 EPSS Score
References
- http://seclists.org/fulldisclosure/2016/Feb/54 technical
- http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html advisory
- http://www.securityfocus.com/archive/1/537462/100/0/threaded technical
- http://www.securityfocus.com/bid/83008 technical
- http://www.securitytracker.com/id/1034969 technical
- https://security.gentoo.org/glsa/201610-08 technical
- https://security.netapp.com/advisory/ntap-20160217-0001/ technical
- https://nvd.nist.gov/vuln/detail/CVE-2016-0603 advisory
- https://security.netapp.com/advisory/ntap-20160217-0001 url