CVE-2009-3869

HIGH

Description

Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.

References

http://java.sun.com/javase/6/webnotes/6u17.html

http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html

http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html

http://marc.info/?l=bugtraq&m=126566824131534&w=2

http://marc.info/?l=bugtraq&m=131593453929393&w=2

http://marc.info/?l=bugtraq&m=134254866602253&w=2

http://secunia.com/advisories/37231

http://secunia.com/advisories/37239

http://secunia.com/advisories/37386

http://secunia.com/advisories/37581

http://secunia.com/advisories/37841

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://securitytracker.com/id?1023132

http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1

http://support.apple.com/kb/HT3969

http://support.apple.com/kb/HT3970

http://www.mandriva.com/security/advisories?name=MDVSA-2010:084

http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html

http://www.redhat.com/support/errata/RHSA-2009-1694.html

http://www.securityfocus.com/bid/36881

http://www.vupen.com/english/advisories/2009/3131

http://zerodayinitiative.com/advisories/ZDI-09-078/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10741

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11262

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7400

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8566

Details

Source: MITRE

Published: 2009-11-05

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH