CVSS: 9.3EPSS: 1%CPEs: 339EXPL: 0CVE-2009-3868 – java-1.6.0-sun: Privilege escalation via crafted image file due improper color profiles parsing (6862970)
https://notcve.org/view.php?id=CVE-2009-3868
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. Sun Java SE en JDK y JRE 5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, SDK y JRE v1.3.x anteriores a v1.3.1_27, y SDK y JRE v1.4.x anteriores a v1.4.2_24 no analiza adecuadamente el perfil color, lo que permite a los atacantes remotos obtener privilegios a través de un archivo de imagen manipulado también conocido como Bud Id 6862970. • http://java.sun.com/javase/6/webnotes/6u17.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html http://marc.info/?l=bugtraq&m=126566824131534&w=2 http://marc.info/?l=bugtraq&m=131593453929393&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/37231 http://secunia.co • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 339EXPL: 0CVE-2009-3873 – OpenJDK JPEG Image Writer quantization problem (6862968)
https://notcve.org/view.php?id=CVE-2009-3873
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968. El JPEG Image Writer en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, y SDK y JRE v1.4.x anteriores a v1.4.2_24 permite a los atacantes remotos obtener privilegios a través de un archivo de imagen manipulado, relativo a "problemas de cuantificación", también conocido como Bug 6862968. • http://java.sun.com/javase/6/webnotes/6u17.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html http://marc.info/?l=bugtraq&m=126566824131534&w=2 http://marc.info/?l=bugtraq&m=131593453929393&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/37231 http://secunia.co • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 339EXPL: 0CVE-2009-3872 – JRE JPEG JFIF Decoder issue (6862969)
https://notcve.org/view.php?id=CVE-2009-3872
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. Vulnerabilidad no especificada en el JPEG JFIF Decoder en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, SDK y JRE v1.3.x anteriores a v1.3.1_27, y SDK y JRE v1.4.x anteriores a v1.4.2_24 permite a los atacantes remotos obtener privilegios a través de una archivo de imagen manipulado, también conocido como Id 6862969. • http://java.sun.com/javase/6/webnotes/6u17.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html http://marc.info/?l=bugtraq&m=126566824131534&w=2 http://marc.info/?l=bugtraq&m=131593453929393&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/37231 http://secunia.co •
CVSS: 9.3EPSS: 1%CPEs: 33EXPL: 0CVE-2009-3865 – java-1.6.0-sun: ACE in JRE Deployment Toolkit (6869752)
https://notcve.org/view.php?id=CVE-2009-3865
The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752. El método launch en el plugin Deployment Toolkit en Java Runtime Environment (JRE) en Sun Java SE en JDK y JRE 6 anteriores a Update 17 permite a los atacantes remotos ejecutar arbitrariamente comandos a través de una página web manipulada, también conocido como Bug Id 6869752. • http://java.sun.com/javase/6/webnotes/6u17.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/37231 http://secunia.com/advisories/37239 http://secunia.com/advisories/37386 http://secunia.com/advisories/37581 http://secunia. • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 2%CPEs: 78EXPL: 0CVE-2009-3864
https://notcve.org/view.php?id=CVE-2009-3864
The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694. La funcionalidad Java Update en Java Runtime Environment (JRE) en Sun Java SE en JDK y JRE v5.0 anteriores Update 22 y JDK y JRE v6 before Update 17, cuando una versión no inglesa de Windows es utilizada, no recupera nuevas versiones JRE disponibles, lo que permite a los atacantes remotos aprovechar vulnerabilidades de anteriores actualizaciones de este software, también conocido como Bud Id 6869694. • http://java.sun.com/javase/6/webnotes/6u17.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html http://secunia.com/advisories/37231 http://secunia.com/advisories/37239 http://sunsolve.sun.com/search/document.do?assetkey=1-66-269868-1 http://www.securityfocus.com/bid/36881 http://www.vupen.com/english/advisories/2009/3131 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6753 •