PT-2009-6091 · Sun+1 · Java Se+1

Peter Csepely

Publicado

2009-11-05

Atualizado

2017-09-19

CVE-2009-3866

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Sun Java SE versions prior to JDK and JRE 6 Update 17

Description The issue concerns the Java Web Start Installer in Sun Java SE, which does not properly utilize security model permissions when removing installer extensions. This allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application.

Recommendations For versions prior to JDK and JRE 6 Update 17, update to JDK and JRE 6 Update 17 or later to resolve the issue.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2009-3866

RHSA-2009:1560

RHSA-2009:1694

RHSA-2010:0043

Produtos afetados

Java Platform

Java Se

PT-2009-6091 · Sun+1 · Java Se+1

CVE-2009-3866

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 22