Release DateDec 29, 2009 |
Severitycritical |
ImpactSystem Compromise |
DescriptionThis indicates an attack attempt against a buffer-overflow vulnerability in Sun's Java Runtime Environment.The vulnerability is caused by an error when the vulnerable software handles a long file:// URL argument to the getSoundbank() function. It allows a remote attacker to execute arbitrary code. |
Affected ProductsSun Java JDK and JRE version 6 Update 16 and previous versionsSun Java JDK and JRE version 5.0 Update 21 and previous versions Sun Java SDK and JRE version 1.4.2_23 and previous versions Sun Java SDK and JRE version 1.3.1_26 and previous versions |
Recommended ActionsUpgrade to the latest versions:http://java.sun.com/ |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-3867 |
Reference/shttp://www.securityfocus.com/bid/36881 (BugTraq)http://www.zerodayinitiative.com/advisories/ZDI-09-076/ http://www.vupen.com/english/advisories/2009/3131 |
