Sun Java JRE jpiexp32.dll NULL Pointer Remote DoS

Medium Nessus Plugin ID 30148


The remote Windows host has an application that is prone to a denial of service attack.


According to its version number, the Sun Java Runtime Environment (JRE) installed on the remote host reportedly contains an issue in 'jpiexp32.dll' that can lead to a NULL pointer exception when an HTML object references a Java applet but does not define the 'name' attribute. If a remote attacker can trick a user on the affected host into visiting a specially crafted web page, this issue could be leveraged to cause the JRE and Internet Explorer to crash.


Upgrade to Sun Java 2 JDK and JRE 5.0 update 14 or later.

See Also

Plugin Details

Severity: Medium

ID: 30148

File Name: sun_java_jre_jpiexp32_dos.nasl

Version: $Revision: 1.22 $

Type: local

Agent: windows

Family: Windows

Published: 2008/02/01

Modified: 2017/05/01

Dependencies: 33545

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


Base Score: 4.3

Temporal Score: 4.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:jre

Required KB Items: SMB/Java/JRE/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/01/08

Reference Information

CVE: CVE-2007-0012

BID: 27185

OSVDB: 43435

CWE: 20