CVE-2009-3867

Name of the Vulnerable Software and Affected Versions Java SE versions 1.3.x prior to 1.3.1 27 Java SE versions 1.4.x prior to 1.4.2 24 Java SE versions 5.0 prior to Update 22 Java SE versions 6 prior to Update 17

Description The issue is a stack-based buffer overflow in the HsbParser.getSoundBank function. This allows remote attackers to execute arbitrary code via a long file: URL in an argument.

Recommendations For Java SE versions 1.3.x prior to 1.3.1 27, update to version 1.3.1 27 or later. For Java SE versions 1.4.x prior to 1.4.2 24, update to version 1.4.2 24 or later. For Java SE versions 5.0 prior to Update 22, update to Update 22 or later. For Java SE versions 6 prior to Update 17, update to Update 17 or later.