Release DateJan 05, 2010 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against an integer-overflow vulnerability inSun Java. The vulnerability is caused by an error when the vulnerable software handles a malicious Pack200 compressed JAR file. It allows a remote attacker to execute arbitrary code via sending a crafted web page. |
Affected ProductsJDK and JRE 6 Update 14 and earlierJDK and JRE 5.0 Update 19 and earlier |
Recommended ActionsUpgrade to the following versions:JDK and JRE 6 Update 15 or later JDK and JRE 5.0 Update 20 or later |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-2675 |
Reference/shttp://www.zerodayinitiative.com/advisories/ZDI-09-049http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=814 |
