CVE-2009-1097

CVSS V2 High 9.3 CVSS V3 None

Description

Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.

Overview

CVE ID
CVE-2009-1097

Assigner
cve@mitre.org

Vulnerability Status
Modified

Published Version
2009-03-25T23:30:00

Last Modified Date
2018-10-10T19:33:35

Weakness Enumerations

CWE	URL
CWE-119	http://cwe.mitre.org/data/definitions/119.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:sun:jdk::update_12::::::*	1	OR	1.6.0
cpe:2.3:a:sun:jdk:1.6.0:::::::*	1	OR
cpe:2.3:a:sun:jdk:1.6.0:update_10::::::	1	OR
cpe:2.3:a:sun:jdk:1.6.0:update_11::::::	1	OR
cpe:2.3:a:sun:jdk:1.6.0:update_3::::::	1	OR
cpe:2.3:a:sun:jdk:1.6.0:update_4::::::	1	OR
cpe:2.3:a:sun:jdk:1.6.0:update_5::::::	1	OR
cpe:2.3:a:sun:jdk:1.6.0:update_6::::::	1	OR
cpe:2.3:a:sun:jdk:1.6.0:update_7::::::	1	OR
cpe:2.3:a:sun:jdk:1.6.0:update1::::::	1	OR
cpe:2.3:a:sun:jdk:1.6.0:update1_b06::::::	1	OR
cpe:2.3:a:sun:jdk:1.6.0:update2::::::	1	OR
cpe:2.3:a:sun:jre::update_12::::::*	1	OR	1.6.0
cpe:2.3:a:sun:jre:1.6.0:::::::*	1	OR
cpe:2.3:a:sun:jre:1.6.0:update_1::::::	1	OR
cpe:2.3:a:sun:jre:1.6.0:update_10::::::	1	OR
cpe:2.3:a:sun:jre:1.6.0:update_11::::::	1	OR
cpe:2.3:a:sun:jre:1.6.0:update_2::::::	1	OR
cpe:2.3:a:sun:jre:1.6.0:update_3::::::	1	OR
cpe:2.3:a:sun:jre:1.6.0:update_4::::::	1	OR
cpe:2.3:a:sun:jre:1.6.0:update_5::::::	1	OR
cpe:2.3:a:sun:jre:1.6.0:update_6::::::	1	OR
cpe:2.3:a:sun:jre:1.6.0:update_7::::::	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector
NETWORK

Access Compatibility
MEDIUM

Authentication
NONE

Confidentiality Impact
COMPLETE

Integrity Impact
COMPLETE

Availability Impact
COMPLETE

Base Score
9.3

Severity
HIGH

Exploitability Score
8.6

Impact Score
10

References

Reference URL	Reference Tags
http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1	Patch Vendor Advisory
http://secunia.com/advisories/34489	Vendor Advisory
http://www.ubuntu.com/usn/usn-748-1
http://www.redhat.com/support/errata/RHSA-2009-0392.html
http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
http://www.securityfocus.com/bid/34240
http://www.securitytracker.com/id?1021913
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=780
https://rhn.redhat.com/errata/RHSA-2009-0377.html
http://secunia.com/advisories/34496	Vendor Advisory
http://secunia.com/advisories/34675	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
http://www.debian.org/security/2009/dsa-1769
http://secunia.com/advisories/34632	Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=779
http://www.redhat.com/support/errata/RHSA-2009-1038.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html
http://secunia.com/advisories/35223	Vendor Advisory
http://secunia.com/advisories/35156	Vendor Advisory
http://www.vupen.com/english/advisories/2009/1426	Vendor Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
http://secunia.com/advisories/35255	Vendor Advisory
http://marc.info/?l=bugtraq&m=124344236532162&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
http://secunia.com/advisories/35776	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
http://secunia.com/advisories/36185	Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2009-1198.html
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://www.vupen.com/english/advisories/2009/3316	Vendor Advisory
http://secunia.com/advisories/37386	Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://secunia.com/advisories/37460	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/49475
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6288
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11241
http://www.securityfocus.com/archive/1/507985/100/0/threaded

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2009-1097
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 18:33:09				Added to TrackCVE