CVSS: 9.3EPSS: 10%CPEs: 31EXPL: 0CVE-2009-3866 – Sun Java Web Start Arbitrary Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-3866
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824. Java Web Start Installer en Sun Java SE en JDK y JRE 6 anteriores a Update 17 no usa adecuadamente los permisos del modelo de seguridad cuando borra las extensiones del instalador, lo que permite a los atacantes remotos ejecutar arbitrariamente código modificando ciertos archivos JNLP que tienen un campo URL que apunta a una aplicación no confiable, también conocido como Bug Id 6872824. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java WebStart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the implementation of security model permissions during the removal of installer extensions. By modifying an existing installer extension JNLP file, a condition occurs that allows for code supplied by a different URL than the original installer extension URL to run as a secure applet. • http://java.sun.com/javase/6/webnotes/6u17.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/37231 http://secunia.com/advisories/37239 http://secunia.com/advisories/37386 http://secunia.com/advisories/37581 http://secunia. • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 35%CPEs: 339EXPL: 0CVE-2009-3871 – Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3871
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. Desbordamiento de búfer basado en memoria dinámica en la función setBytePixels en Abstract Window Toolkit (AWT) en Java Runtime Environment (JRE) en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, SDK y JRE v1.3.x anteriores a v1.3.1_27, y SDK y JRE v1.4.x anteriores a v1.4.2_24 permite a los atacantes remotos ejecutar arbitrariamente código a través de argumentos manipulados, también conocido como Id 6872358. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of arguments to the setBytePixels AWT library function. Due to the lack of bounds checking on the parameters to the function a user controllable memcpy can result in a heap overflow. • http://java.sun.com/javase/6/webnotes/6u17.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html http://marc.info/?l=bugtraq&m=126566824131534&w=2 http://marc.info/?l=bugtraq&m=131593453929393&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/37231 http://secunia.co • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 31%CPEs: 339EXPL: 0CVE-2009-3874 – Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3874
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. Desbordamiento de entero en la implementacion JPEGImageReader en el componente ImageI/O en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, y SDK y JRE v1.4.x anteriores a v1.4.2_24 permite a los atacantes remotos ejecutar arbitrariamente código a través de submuestra de dimensión larga en un archivo JPEG que lanza un desbordamiento de búfer basado en memoria dinámica, también conocido como Id 6874643. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of JPEG image dimensions. When specifying large values to the dimensions of a subsample an integer overflow occurs leading to memory corruption. • http://java.sun.com/javase/6/webnotes/6u17.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html http://marc.info/?l=bugtraq&m=126566824131534&w=2 http://marc.info/?l=bugtraq&m=131593453929393&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/37231 http://secunia.co • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 17%CPEs: 56EXPL: 0CVE-2009-2625 – JDK: XML parsing Denial-Of-Service (6845701)
https://notcve.org/view.php?id=CVE-2009-2625
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. Apache Xerces2 Java, tal como se utiliza en Sun Java Runtime Environment (JRE) en JDK y JRE v6 anterior a la actualización 15 y el JDK y JRE v5.0 antes de la actualización 20, y en otros productos, permite a atacantes remotos provocar una denegación de servicio (bucle infinito y la cuelgue de aplicación) a través de una entrada XML malformada, como lo demuestra Codenomicon XML fuzzing framework. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://marc.info/?l=bugtraq&m=125787273209737&w=2 http://rhn.redhat.com/errata/RHSA-2012-1232.html http://rhn.redhat.co •
CVSS: 7.5EPSS: 5%CPEs: 27EXPL: 0CVE-2009-2674 – Java Web Start Buffer JPEG processing integer overflow (6823373)
https://notcve.org/view.php?id=CVE-2009-2674
Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow. Un desbordamiento de enteros en el archivo javaws.exe en Sun Java Web Start en Sun Java Runtime Environment (JRE) en JDK y JRE versión 6 anterior a Update 15, permite a los atacantes dependiendo del contexto ejecutar código arbitrario por medio de una imagen JPEG creada que no se maneja apropiadamente durante la visualización de una imagen de bienvenida, que desencadena un desbordamiento de búfer basado en la región heap de la memoria. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html http://marc.info/?l=bugtraq&m=125787273209737&w=2 http://secunia.com/advisories/36162 http://secunia.com/advisories/36176 http://secunia.com/advisories/36180 http://secunia.com/advisories/36248 • CWE-190: Integer Overflow or Wraparound CWE-264: Permissions, Privileges, and Access Controls •