CVE-2009-2674

Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow.

Details Source

Mitre

Public Date

2009-08-05 00:00:00

Impact

Critical

Bugzilla

CVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow (6823373)

Bugzilla ID

512915

CVSS Status

verified

Base Score

6.80

Base Metrics

AV:N/AC:M/Au:N/C:P/I:P/A:P

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Satellite 5.3 (RHEL v.5) (java-1.6.0-ibm) | RHSA-2010:0043 | 2010-01-14
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) | RHSA-2009:1582 | 2009-11-12
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-sun) | RHSA-2009:1200 | 2009-08-06
Red Hat Enterprise Linux 5 (java-1.6.0-openjdk) | RHSA-2009:1201 | 2009-08-06
Red Hat Satellite 5.3 (RHEL v.4) (java-1.6.0-ibm) | RHSA-2010:0043 | 2010-01-14
Red Hat Enterprise Linux AS version 4 Extras (java-1.6.0-ibm) | RHSA-2009:1582 | 2009-11-12
Red Hat Enterprise Linux AS version 4 Extras (java-1.6.0-sun) | RHSA-2009:1200 | 2009-08-06

CWE

CWE-190