CVE-2009-1672

SUN Jre - Memory Corruption

Title source: rule

Description

The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmldoswindows

https://www.exploit-db.com/exploits/8665

View Code ZIP pw:eip

References (4)

[Exploit] http://www.securityfocus.com/bid/34931

[Exploit, URL Repurposed] http://www.shinnai.net/xplits/TXT_mhxRKrtrPLyAHRFNm7QR.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/50629

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/8665

Scores

EPSS 0.0654

EPSS Percentile 91.2%

Details

CWE

CWE-119

Status published

Products (1)

sun/jre 6 update_13

Published May 18, 2009

Tracked Since Feb 18, 2026