Release DateMar 11, 2010 |
Severitycritical |
ImpactSystem Compromise |
DescriptionThis indicates an attack attempt against a heap-overflow vulnerability in Sun Java Runtime Environment.The vulnerability is caused by an error when the vulnerable software handles specially crafted JPEG image dimensions. It allows a remote attacker to execute arbitrary code. |
Affected ProductsSun Java JDK and JRE version 6 Update 16 and previous versionsSun Java JDK and JRE version 5.0 Update 21 and previous versions Sun Java SDK and JRE version 1.4.2_23 and previous versions Sun Java SDK and JRE version 1.3.1_26 and previous versions |
Recommended ActionsUpgrade to the latest versions:http://java.sun.com/ |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-3874 |
Reference/shttp://www.securityfocus.com/bid/36881 (BugTraq)http://www.vupen.com/english/advisories/2009/3131 |
