CVE-2009-1671

SUN Jre - Memory Corruption

Title source: rule

Description

Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4) getStaticCLSID, or (5) launch method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmldoswindows

https://www.exploit-db.com/exploits/8665

View Code ZIP pw:eip

References (3)

[Exploit] http://www.securityfocus.com/bid/34931

[Exploit, URL Repurposed] http://www.shinnai.net/xplits/TXT_mhxRKrtrPLyAHRFNm7QR.html

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/8665

Scores

EPSS 0.0602

EPSS Percentile 90.6%

Classification

CWE

CWE-119

Status draft

Affected Products (1)

sun/jre

Timeline

Published May 18, 2009

Tracked Since Feb 18, 2026