CVE-2009-1671

JRE 6 Update 13 - Remote Code Execution via Deployment Toolkit ActiveX Control Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1671. PoCs published by shinnai.

AI-analyzed exploit summary: This exploit targets multiple vulnerabilities in Java SE Runtime Environment JRE 6 Update 13, specifically focusing on the deploytk.dll component. It includes methods to trigger stack-based buffer overflows and remote .jnlp execution, leading to potential remote code execution or denial of service.

Description

Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4) getStaticCLSID, or (5) launch method.

Exploits (1)

exploitdb WORKING POC VERIFIED
by shinnai · html · dos · windows
https://www.exploit-db.com/exploits/8665

Classification: Working PoC 90%
Attack Type: RCE | DoS
Complexity: Moderate
Reliability: Reliable
Target: Java SE Runtime Environment JRE 6 Update 13
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Java SE Runtime Environment JRE 6 Update 13 must be installed
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8665
Exploit, URL Repurposed x_refsource_misc
http://www.shinnai.net/xplits/TXT_mhxRKrtrPLyAHRFNm7QR.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34931

Scores

EPSS 0.1034
EPSS Percentile 95.1%

Details

CWE: CWE-119
Status: published
Products (1): sun/jre 6 update_13
Published: May 18, 2009
Tracked Since: Feb 18, 2026