National Cyber-Alert System

Vulnerability Summary for CVE-2009-3869

Overview

Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: MISC

Name: http://zerodayinitiative.com/advisories/ZDI-09-078/

Type: Patch Information

Hyperlink:http://zerodayinitiative.com/advisories/ZDI-09-078/

External Source: VUPEN

Name: ADV-2009-3131

Type: Advisory; Patch Information

Hyperlink:http://www.vupen.com/english/advisories/2009/3131

External Source: SUNALERT

Name: 270474

Type: Advisory; Patch Information

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1

External Source: BID

Name: 36881

Hyperlink:http://www.securityfocus.com/bid/36881

External Source: REDHAT

Name: RHSA-2009:1694

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-1694.html

External Source: CONFIRM

Name: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html

Hyperlink:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html

External Source: CONFIRM

Name: http://support.apple.com/kb/HT3970

Hyperlink:http://support.apple.com/kb/HT3970

External Source: CONFIRM

Name: http://support.apple.com/kb/HT3969

Hyperlink:http://support.apple.com/kb/HT3969

External Source: SECTRACK

Name: 1023132

Hyperlink:http://securitytracker.com/id?1023132

External Source: GENTOO

Name: GLSA-200911-02

Hyperlink:http://security.gentoo.org/glsa/glsa-200911-02.xml

External Source: SECUNIA

Name: 37841

Hyperlink:http://secunia.com/advisories/37841

External Source: SECUNIA

Name: 37581

Hyperlink:http://secunia.com/advisories/37581

External Source: SECUNIA

Name: 37386

Hyperlink:http://secunia.com/advisories/37386

External Source: SECUNIA

Name: 37239

Hyperlink:http://secunia.com/advisories/37239

External Source: SECUNIA

Name: 37231

Type: Advisory

Hyperlink:http://secunia.com/advisories/37231

External Source: SUSE

Name: SUSE-SA:2009:058

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html

External Source: APPLE

Name: APPLE-SA-2009-12-03-2

Hyperlink:http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html

External Source: APPLE

Name: APPLE-SA-2009-12-03-1

Hyperlink:http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html

External Source: CONFIRM

Name: http://java.sun.com/javase/6/webnotes/6u17.html

Type: Advisory

Hyperlink:http://java.sun.com/javase/6/webnotes/6u17.html