CVSS: 9.3EPSS: 35%CPEs: 339EXPL: 0CVE-2009-3871 – Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3871
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. Desbordamiento de búfer basado en memoria dinámica en la función setBytePixels en Abstract Window Toolkit (AWT) en Java Runtime Environment (JRE) en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, SDK y JRE v1.3.x anteriores a v1.3.1_27, y SDK y JRE v1.4.x anteriores a v1.4.2_24 permite a los atacantes remotos ejecutar arbitrariamente código a través de argumentos manipulados, también conocido como Id 6872358. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of arguments to the setBytePixels AWT library function. Due to the lack of bounds checking on the parameters to the function a user controllable memcpy can result in a heap overflow. • http://java.sun.com/javase/6/webnotes/6u17.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html http://marc.info/?l=bugtraq&m=126566824131534&w=2 http://marc.info/?l=bugtraq&m=131593453929393&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/37231 http://secunia.co • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 31%CPEs: 339EXPL: 0CVE-2009-3874 – Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3874
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. Desbordamiento de entero en la implementacion JPEGImageReader en el componente ImageI/O en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, y SDK y JRE v1.4.x anteriores a v1.4.2_24 permite a los atacantes remotos ejecutar arbitrariamente código a través de submuestra de dimensión larga en un archivo JPEG que lanza un desbordamiento de búfer basado en memoria dinámica, también conocido como Id 6874643. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of JPEG image dimensions. When specifying large values to the dimensions of a subsample an integer overflow occurs leading to memory corruption. • http://java.sun.com/javase/6/webnotes/6u17.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html http://marc.info/?l=bugtraq&m=126566824131534&w=2 http://marc.info/?l=bugtraq&m=131593453929393&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/37231 http://secunia.co • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2009-2716 – JDK improper version selection
https://notcve.org/view.php?id=CVE-2009-2716
The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selection, which allows context-dependent attackers to leverage vulnerabilities in "old zip and certificate handling" and have unspecified other impact via unknown vectors. La funcionalidad de plugin en Sun Java SE v6 versiones anteriores a Update 15 no implementa adecuadamente la selección de versión, permitiendo a atacantes dependientes del contexto aprovechar vulnerabilidades en "gestión antigua de ficheros zip y certificados" y tener otro impacto no especificado mediante vectores desconocidos. • http://java.sun.com/javase/6/webnotes/6u15.html http://secunia.com/advisories/37386 http://secunia.com/advisories/37460 http://security.gentoo.org/glsa/glsa-200911-02.xml http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advisories/2009/3316 https://access.redhat.com/security/cve/CVE-2009-2716 https://bugzilla.redhat.com/show_bug.cgi?id=516812 •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2718 – JDK reposition of untrusted applet security icon in X11
https://notcve.org/view.php?id=CVE-2009-2718
The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. La implementación de Abstract Window Toolkit (AWT) en Sun Java SE v6 anteriores a Update 15 para X11 no impone la restricción de distancia prevista desde el borde de la ventana al Security Warning Icon, facilitando a atacantes dependientes del contexto que engañen a un usuario para interactuar sin seguridad con un applet no confiable. • http://java.sun.com/javase/6/webnotes/6u15.html http://secunia.com/advisories/37386 http://secunia.com/advisories/37460 http://security.gentoo.org/glsa/glsa-200911-02.xml http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advisories/2009/3316 https://access.redhat.com/security/cve/CVE-2009-2718 https://bugzilla.redhat.com/show_bug.cgi?id=516815 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2009-2719 – JDK DoS with crafted .jnlp file
https://notcve.org/view.php?id=CVE-2009-2719
The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP). La implementación de Java Web Start en Sun Java SE v6 anteriores a Update 15 permite a los atacantes dependientes del contexto provocar una denegación de servicio (excepción de puntero nulo) mediante un fichero .jnlp modificado, como se ha demostrado al probar jnlp_file/appletDesc/index.html#misc en el Technology Compatibility Kit (TCK) para el Java Network Launching Protocol (JNLP). • http://java.sun.com/javase/6/webnotes/6u15.html http://secunia.com/advisories/37386 http://secunia.com/advisories/37460 http://security.gentoo.org/glsa/glsa-200911-02.xml http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advisories/2009/3316 https://access.redhat.com/security/cve/CVE-2009-2719 https://bugzilla.redhat.com/show_bug.cgi?id=516820 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •