7.5

CVE-2009-1099

Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunJava Runtime Environment Version5.0 Edition17
SunJava Runtime Environment Version6.0 Edition12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.66% 0.92
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/34495
Vendor Advisory
http://secunia.com/advisories/34496
Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm
http://www.redhat.com/support/errata/RHSA-2009-0392.html
http://www.redhat.com/support/errata/RHSA-2009-0394.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/3316
Vendor Advisory
http://secunia.com/advisories/37460
Vendor Advisory
http://secunia.com/advisories/37386
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://secunia.com/advisories/35416
Vendor Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
http://secunia.com/advisories/35255
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1426
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
http://marc.info/?l=bugtraq&m=124344236532162&w=2
http://secunia.com/advisories/35156
Vendor Advisory
http://secunia.com/advisories/35223
Vendor Advisory
http://secunia.com/advisories/35776
Vendor Advisory
http://secunia.com/advisories/36185
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
http://www.redhat.com/support/errata/RHSA-2009-1038.html
http://www.securityfocus.com/bid/34240
https://rhn.redhat.com/errata/RHSA-2009-1198.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1
Patch
Vendor Advisory
http://www.securitytracker.com/id?1021913
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=777
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5726