Vulnerability CVE-2009-1672


Published: 2009-05-18   Modified: 2012-02-13

Description:
The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method.

See advisories in our WLB2 database:
Topic: Java SE Runtime Environment - JRE 6 Update 13 Multiple Vulnerabilities (High)
Author: shinnai
Date: 20.05.2009

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software: SUN -> JRE

References:
http://xforce.iss.net/xforce/xfdb/50629
http://www.shinnai.net/xplits/TXT_mhxRKrtrPLyAHRFNm7QR.html
http://www.securityfocus.com/bid/34931
http://www.milw0rm.com/exploits/8665

Copyright 2024, cxsecurity.com
