CVE-2009-3869

Sun Java JRE AWT setDiffICM Buffer Overflow

Title source: metasploit

Description

Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotemultiple

https://www.exploit-db.com/exploits/16298

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by jduck · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/java_setdifficm_bof.rb

View Code ZIP pw:eip

References (27)

[Vendor Advisory] http://java.sun.com/javase/6/webnotes/6u17.html

[Mailing List] http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html

[Mailing List] http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html

[Mailing List] http://marc.info/?l=bugtraq&m=126566824131534&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=131593453929393&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=134254866602253&w=2

[Vendor Advisory] http://secunia.com/advisories/37231

[Patch, Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1

[Vendor Advisory] http://support.apple.com/kb/HT3969

[Vendor Advisory] http://support.apple.com/kb/HT3970

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2010:084

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2009-1694.html

[Patch, Vendor Advisory] http://www.vupen.com/english/advisories/2009/3131

[Patch] http://zerodayinitiative.com/advisories/ZDI-09-078/

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10741

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11262

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7400

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8566

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/36881

... and 7 more

Scores

EPSS 0.7848

EPSS Percentile 99.0%

Details

CWE

CWE-119

Status published

Products (3)

sun/jdk 1.5.0 update_1 (21 CPE variants)

sun/jdk 1.6.0 update_1 (16 CPE variants)

sun/jre 1.5.0 update_1 (13 CPE variants)

Published Nov 05, 2009

Tracked Since Feb 18, 2026