PT-2009-4155 · Sun+1 · Sun Java Runtime Environment+1
Shinnai
·
Published
2009-05-18
·
Updated
2024-02-14
·
CVE-2009-1671
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Sun Java SE Runtime Environment (aka JRE) 6 Update 13
Description:
The issue is related to multiple buffer overflows in the Deployment Toolkit ActiveX control. These overflows can be triggered by a long string argument to certain methods, including the
setInstallerType, setAdditionalPackages, compareVersion, getStaticCLSID, or launch method. This can allow remote attackers to execute arbitrary code.Recommendations:
For Sun Java SE Runtime Environment (aka JRE) 6 Update 13, consider disabling the Deployment Toolkit ActiveX control until a patch is available. Restrict access to the
deploytk.dll to minimize the risk of exploitation. Avoid using long string arguments in the affected methods until the issue is resolved.Exploit
Fix
RCE
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Java Platform
Sun Java Runtime Environment