CVE-2009-1671
Java SE Runtime Environment JRE 6 Update 13 - Multiple Vulnerabilities
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4) getStaticCLSID, or (5) launch method.
Múltiple desbordamiento de búfer en el control ActiveX Deployment Toolkit en deploytk.dll v6.0.130.3 en Sun Java SE Runtime Environment (también conocido como JRE) v6 Update 13 permite a atacantes remotos ejecutar código de su elección a través de un argumento string largo sobre los métodos (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4) getStaticCLSID, o (5) launch.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-05-18 CVE Reserved
- 2009-05-18 CVE Published
- 2023-08-21 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/8665 | 2024-08-07 | |
| http://www.securityfocus.com/bid/34931 | 2024-08-07 | |
| http://www.shinnai.net/xplits/TXT_mhxRKrtrPLyAHRFNm7QR.html | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|