Vulnerability Details : CVE-2014-8873
A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /etc/mailcap by mime-support, which allows remote attackers to execute arbitrary code via a JAR file.
Vulnerability category: Input validation, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2014-8873
Probability of exploitation activity in the next 30 days: 0.92%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 81 %
CVSS scores for CVE-2014-8873
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
CWE ids for CVE-2014-8873
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8873
- http://www.debian.org/security/2015/dsa-3235
  Debian -- Security Information -- DSA-3235-1 openjdk-7 (Vendor Advisory)
- http://www.debian.org/security/2015/dsa-3316
  Debian -- Security Information -- DSA-3316-1 openjdk-7 (Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2015/07/18/2
  oss-security - CVE-2014-8873 was fixed in DSA-3235-1
- http://www.securityfocus.com/bid/76019
  Debian OpenJDK CVE-2014-8873 Remote Code Execution Vulnerability
Products affected by CVE-2014-8873
- cpe:2.3:a:oracle:openjdk:1.7.0:*:*:*:*:*:*:*