CVE-2009-3869

critical

Description

Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8566

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7400

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11262

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10741

http://zerodayinitiative.com/advisories/ZDI-09-078/

http://www.vupen.com/english/advisories/2009/3131

http://www.securityfocus.com/bid/36881

http://www.redhat.com/support/errata/RHSA-2009-1694.html

http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:084

http://support.apple.com/kb/HT3970

http://support.apple.com/kb/HT3969

http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1

http://securitytracker.com/id?1023132

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://secunia.com/advisories/37841

http://secunia.com/advisories/37581

http://secunia.com/advisories/37386

http://secunia.com/advisories/37239

http://secunia.com/advisories/37231

http://marc.info/?l=bugtraq&m=134254866602253&w=2

http://marc.info/?l=bugtraq&m=131593453929393&w=2

http://marc.info/?l=bugtraq&m=126566824131534&w=2

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html

http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html

http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html

http://java.sun.com/javase/6/webnotes/6u17.html

Details

Source: Mitre, NVD

Published: 2009-11-05

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical