CVE-2009-3871

critical

Description

Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9360

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8275

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6698

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12134

http://zerodayinitiative.com/advisories/ZDI-09-079/

http://www.vupen.com/english/advisories/2009/3131

http://www.securityfocus.com/bid/36881

http://www.redhat.com/support/errata/RHSA-2009-1694.html

http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:084

http://support.apple.com/kb/HT3970

http://support.apple.com/kb/HT3969

http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1

http://securitytracker.com/id?1023132

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://secunia.com/advisories/37841

http://secunia.com/advisories/37581

http://secunia.com/advisories/37386

http://secunia.com/advisories/37239

http://secunia.com/advisories/37231

http://marc.info/?l=bugtraq&m=134254866602253&w=2

http://marc.info/?l=bugtraq&m=131593453929393&w=2

http://marc.info/?l=bugtraq&m=126566824131534&w=2

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html

http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html

http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html

http://java.sun.com/javase/6/webnotes/6u17.html

Details

Source: Mitre, NVD

Published: 2009-11-05

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical