CVE-2009-1671

Name of the Vulnerable Software and Affected Versions: Sun Java SE Runtime Environment (aka JRE) 6 Update 13

Description: The issue is related to multiple buffer overflows in the Deployment Toolkit ActiveX control. These overflows can be triggered by a long string argument to certain methods, including the setInstallerType, setAdditionalPackages, compareVersion, getStaticCLSID, or launch method. This can allow remote attackers to execute arbitrary code.

Recommendations: For Sun Java SE Runtime Environment (aka JRE) 6 Update 13, consider disabling the Deployment Toolkit ActiveX control until a patch is available. Restrict access to the deploytk.dll to minimize the risk of exploitation. Avoid using long string arguments in the affected methods until the issue is resolved.