[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-2674Date: (C)2009-08-05   (M)2024-02-22


Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SUNALERT-263428
SECUNIA-36162
SECUNIA-36176
SECUNIA-36180
SECUNIA-36248
SECUNIA-37300
SECUNIA-37386
ADV-2009-2543
APPLE-SA-2009-09-03-1
FEDORA-2009-8329
FEDORA-2009-8337
GLSA-200911-02
MDVSA-2009:209
RHSA-2009:1200
RHSA-2009:1201
SSRT090250
SUSE-SA:2009:043
SUSE-SA:2009:053
SUSE-SR:2009:016
TA09-294A
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
http://www.zerodayinitiative.com/advisories/ZDI-09-050/
oval:org.mitre.oval:def:10073
oval:org.mitre.oval:def:8073
sun-jre-jpeg-bo(52339)

CPE    1
cpe:/a:sun:jdk:1.6.0:update2
CWE    1
CWE-264
OVAL    9
oval:org.secpod.oval:def:400074
oval:org.secpod.oval:def:19704
oval:org.secpod.oval:def:300474
oval:org.secpod.oval:def:202770
...

© SecPod Technologies