CVE-2009-3869

Sun Java JRE AWT setDiffICM Buffer Overflow

Title source: metasploit
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-3869. PoCs published by Metasploit, jduck, including Metasploit module exploits/multi/browser/java_setdifficm_bof.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow in the Sun Java JRE AWT setDiffICM function (CVE-2009-3869) by delivering a malicious applet via HTTP. It supports multiple targets and platforms, including Windows, Mac OS X (PPC/x86), and requires no authentication.

Description

Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/16298

This Metasploit module exploits a buffer overflow in the Sun Java JRE AWT setDiffICM function (CVE-2009-3869) by delivering a malicious applet via HTTP. It supports multiple targets and platforms, including Windows, Mac OS X (PPC/x86), and requires no authentication.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Sun Java JRE JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, SDK and JRE 1.3.1_26 and earlier
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Vulnerable Java version must be installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by jduck · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/java_setdifficm_bof.rb

This Metasploit module exploits a buffer overflow vulnerability in the Sun Java JRE AWT setDiffICM function. It delivers a serialized payload via an applet to achieve remote code execution on vulnerable Java versions.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Sun Java JRE/JDK 6 Update 16 and earlier, JDK/JRE 5.0 Update 21 and earlier, SDK/JRE 1.4.2_23 and earlier, SDK/JRE 1.3.1_26 and earlier
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Vulnerable Java version must be installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (27)

Core 27
Core References
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=126566824131534&w=2
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11262
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200911-02.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023132
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36881
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3970
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=134254866602253&w=2
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3969
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=131593453929393&w=2
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1694.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10741
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8566
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7400
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37231
Patch, Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3131
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37581
Vendor Advisory x_refsource_confirm
http://java.sun.com/javase/6/webnotes/6u17.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37841
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37239
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37386

Scores

EPSS 0.6546
EPSS Percentile 99.2%

Details

CWE
CWE-119
Status published
Products (3)
sun/jdk 1.5.0 update_1 (21 CPE variants)
sun/jdk 1.6.0 update_1 (16 CPE variants)
sun/jre 1.5.0 update_1 (13 CPE variants)
Published Nov 05, 2009
Tracked Since Feb 18, 2026