Published: 05/08/2009 Updated: 30/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent malicious users to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun jdk 6
sun jre 6
sun jdk 1.6.0

It was discovered that the XML HMAC signature system did not correctly check certain lengths If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation (CVE-2009-0217) ...

Synopsis Critical: java-160-sun security update Type/Severity Security Advisory: Critical Topic Updated java-160-sun packages that correct several security issues arenow available for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by t ...

Synopsis Important: java-160-openjdk security and bug fix update Type/Severity Security Advisory: Important Topic Updated java-160-openjdk packages that fix several security issues and abug are now available for Red Hat Enterprise Linux 5This update has been rated as having important security impact by ...

Synopsis Low: Red Hat Network Satellite Server IBM Java Runtime security update Type/Severity Security Advisory: Low Topic Updated java-160-ibm packages that fix several security issues are nowavailable for Red Hat Network Satellite Server 53This update has been rated as having low security impact by th ...

CWE-264 http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-263428-1 http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html https://rhn.redhat.com/errata/RHSA-2009-1200.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html http://www.zerodayinitiative.com/advisories/ZDI-09-050/http://secunia.com/advisories/36176 https://rhn.redhat.com/errata/RHSA-2009-1201.html http://secunia.com/advisories/36162 http://secunia.com/advisories/36248 http://secunia.com/advisories/36180 http://www.mandriva.com/security/advisories?name=MDVSA-2009:209 http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://www.vupen.com/english/advisories/2009/2543 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://www.us-cert.gov/cas/techalerts/TA09-294A.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html http://security.gentoo.org/glsa/glsa-200911-02.xml http://secunia.com/advisories/37300 http://marc.info/?l=bugtraq&m=125787273209737&w=2 http://secunia.com/advisories/37386 http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html https://exchange.xforce.ibmcloud.com/vulnerabilities/52339 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8073 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10073 https://usn.ubuntu.com/814-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-2674

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect