Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1671Improper Restriction of Operations within the Bounds of a Memory Buffer in JRE

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
9.3CRITICALNVD
EPSS
6.0%
top 9.27%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SUN JRE
Timeline
PublishedMay 18
Latest updateMay 2

Description

Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4) getStaticCLSID, or (5) launch method.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDsun/jre6

🔴Vulnerability Details

2
GHSA
GHSA-53vx-h8fh-xhg5: Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk2022-05-02
CVEList
CVE-2009-1671: Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk2009-05-18

💥Exploits & PoCs

1
Exploit-DB
Java SE Runtime Environment JRE 6 Update 13 - Multiple Vulnerabilities2009-05-13

🕵️Threat Intelligence

1
Zscaler
Blackhole Exploits Kit Attack Growing | Zscaler2011-02-11
CVE-2009-1671 — SUN JRE vulnerability | cvebase