CVE-2009-1099

Name of the Vulnerable Software and Affected Versions Java SE Development Kit (JDK) versions 5.0 Update 17 and earlier Java SE Development Kit (JDK) versions 6 Update 12 and earlier Java Runtime Environment (JRE) versions 5.0 Update 17 and earlier Java Runtime Environment (JRE) versions 6 Update 12 and earlier

Description The issue is related to an integer signedness error that allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font. This error bypasses a signed comparison and triggers a buffer overflow.

Recommendations For Java SE Development Kit (JDK) versions 5.0 Update 17 and earlier, update to a version later than Update 17. For Java SE Development Kit (JDK) versions 6 Update 12 and earlier, update to a version later than Update 12. For Java Runtime Environment (JRE) versions 5.0 Update 17 and earlier, update to a version later than Update 17. For Java Runtime Environment (JRE) versions 6 Update 12 and earlier, update to a version later than Update 12.