[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110204

 
 

909

 
 

85984

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2009-3868Date: (C)2009-11-05   (M)2018-06-09


Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 9.3
Exploit Score: Exploit Score: 8.6
Impact Score: Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: COMPLETE
Scope: Integrity: COMPLETE
Confidentiality: Availability: COMPLETE
Integrity:  
Availability:  
  
Reference:
SECTRACK-1023132
SUNALERT-270474
BID-36881
SECUNIA-37231
SECUNIA-37239
SECUNIA-37386
SECUNIA-37581
SECUNIA-37841
ADV-2009-3131
APPLE-SA-2009-12-03-1
APPLE-SA-2009-12-03-2
GLSA-200911-02
HPSBMU02703
HPSBMU02799
RHSA-2009:1694
SSRT100019
SSRT100242
SUSE-SA:2009:058
http://java.sun.com/javase/6/webnotes/6u17.html
http://support.apple.com/kb/HT3969
http://support.apple.com/kb/HT3970
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html

CPE    127
cpe:/a:sun:sdk:1.4.2_03
cpe:/a:sun:sdk:1.4.2_04
cpe:/a:sun:sdk:1.4.2_09
cpe:/a:sun:sdk:1.4.2_08
...
CWE    1
CWE-119
OVAL    2
oval:org.secpod.oval:def:19724
oval:org.secpod.oval:def:400070

© SecPod Technologies