Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1672Improper Restriction of Operations within the Bounds of a Memory Buffer in JRE

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
6.5%
top 8.85%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SUN JRE
Timeline
PublishedMay 18
Latest updateMay 2

Description

The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDsun/jre6

🔴Vulnerability Details

2
GHSA
GHSA-mrwf-5889-vpvm: The Deployment Toolkit ActiveX control in deploytk2022-05-02
CVEList
CVE-2009-1672: The Deployment Toolkit ActiveX control in deploytk2009-05-18

💥Exploits & PoCs

1
Exploit-DB
Java SE Runtime Environment JRE 6 Update 13 - Multiple Vulnerabilities2009-05-13
CVE-2009-1672 — SUN JRE vulnerability | cvebase