CVE-2009-1097
Vulnerability from cvelistv5
Published
2009-03-25 23:00
Modified
2024-08-07 04:57
Severity ?
Summary
Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.
References
cve@mitre.orghttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
cve@mitre.orghttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
cve@mitre.orghttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=779
cve@mitre.orghttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=780
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=124344236532162&w=2
cve@mitre.orghttp://secunia.com/advisories/34489Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/34496Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/34632Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/34675Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/35156Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/35223Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/35255Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/35776Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/36185Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/37386Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/37460Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200911-02.xml
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1Patch, Vendor Advisory
cve@mitre.orghttp://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
cve@mitre.orghttp://www.debian.org/security/2009/dsa-1769
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2009:137
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2009:162
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2009-0392.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2009-1038.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/507985/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/34240
cve@mitre.orghttp://www.securitytracker.com/id?1021913
cve@mitre.orghttp://www.ubuntu.com/usn/usn-748-1
cve@mitre.orghttp://www.vmware.com/security/advisories/VMSA-2009-0016.html
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/1426Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/3316Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/49475
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11241
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6288
cve@mitre.orghttps://rhn.redhat.com/errata/RHSA-2009-0377.html
cve@mitre.orghttps://rhn.redhat.com/errata/RHSA-2009-1198.html
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=779
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=780
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=124344236532162&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34489Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34496Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34632Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34675Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35156Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35223Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35255Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35776Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36185Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37386Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37460Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200911-02.xml
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2009/dsa-1769
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2009-0392.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2009-1038.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/507985/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34240
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021913
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-748-1
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2009-0016.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/1426Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3316Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/49475
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11241
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6288
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2009-0377.html
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2009-1198.html
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:57:17.819Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SA:2009:036",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
          },
          {
            "name": "MDVSA-2009:137",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
          },
          {
            "name": "34632",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34632"
          },
          {
            "name": "SSRT090058",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
          },
          {
            "name": "35156",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35156"
          },
          {
            "name": "34675",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34675"
          },
          {
            "name": "SUSE-SA:2009:029",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
          },
          {
            "name": "35776",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35776"
          },
          {
            "name": "1021913",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021913"
          },
          {
            "name": "37460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37460"
          },
          {
            "name": "34489",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34489"
          },
          {
            "name": "GLSA-200911-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
          },
          {
            "name": "RHSA-2009:1038",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
          },
          {
            "name": "RHSA-2009:1198",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "HPSBUX02429",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
          },
          {
            "name": "254571",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1"
          },
          {
            "name": "jre-gif-file-bo(49475)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49475"
          },
          {
            "name": "36185",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36185"
          },
          {
            "name": "RHSA-2009:0377",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
          },
          {
            "name": "35255",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35255"
          },
          {
            "name": "oval:org.mitre.oval:def:6288",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6288"
          },
          {
            "name": "ADV-2009-1426",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1426"
          },
          {
            "name": "MDVSA-2009:162",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
          },
          {
            "name": "20090326 Sun Java Web Start (JWS ) PNG Decoding Integer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=780"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
          },
          {
            "name": "RHSA-2009:0392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11241",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11241"
          },
          {
            "name": "35223",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35223"
          },
          {
            "name": "34240",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34240"
          },
          {
            "name": "34496",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34496"
          },
          {
            "name": "HPSBMA02429",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
          },
          {
            "name": "20090326 Sun Java Runtine Environment (JRE) GIF Decoding Heap Corruption Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=779"
          },
          {
            "name": "USN-748-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-748-1"
          },
          {
            "name": "DSA-1769",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1769"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
          },
          {
            "name": "37386",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37386"
          },
          {
            "name": "SUSE-SA:2009:016",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
          },
          {
            "name": "ADV-2009-3316",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SA:2009:036",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
        },
        {
          "name": "MDVSA-2009:137",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
        },
        {
          "name": "34632",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34632"
        },
        {
          "name": "SSRT090058",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
        },
        {
          "name": "35156",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35156"
        },
        {
          "name": "34675",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34675"
        },
        {
          "name": "SUSE-SA:2009:029",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
        },
        {
          "name": "35776",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35776"
        },
        {
          "name": "1021913",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021913"
        },
        {
          "name": "37460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37460"
        },
        {
          "name": "34489",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34489"
        },
        {
          "name": "GLSA-200911-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
        },
        {
          "name": "RHSA-2009:1038",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
        },
        {
          "name": "RHSA-2009:1198",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
        },
        {
          "name": "HPSBUX02429",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
        },
        {
          "name": "254571",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1"
        },
        {
          "name": "jre-gif-file-bo(49475)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49475"
        },
        {
          "name": "36185",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36185"
        },
        {
          "name": "RHSA-2009:0377",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
        },
        {
          "name": "35255",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35255"
        },
        {
          "name": "oval:org.mitre.oval:def:6288",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6288"
        },
        {
          "name": "ADV-2009-1426",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1426"
        },
        {
          "name": "MDVSA-2009:162",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
        },
        {
          "name": "20090326 Sun Java Web Start (JWS ) PNG Decoding Integer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=780"
        },
        {
          "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
        },
        {
          "name": "RHSA-2009:0392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11241",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11241"
        },
        {
          "name": "35223",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35223"
        },
        {
          "name": "34240",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34240"
        },
        {
          "name": "34496",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34496"
        },
        {
          "name": "HPSBMA02429",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
        },
        {
          "name": "20090326 Sun Java Runtine Environment (JRE) GIF Decoding Heap Corruption Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=779"
        },
        {
          "name": "USN-748-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-748-1"
        },
        {
          "name": "DSA-1769",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1769"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
        },
        {
          "name": "37386",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37386"
        },
        {
          "name": "SUSE-SA:2009:016",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
        },
        {
          "name": "ADV-2009-3316",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3316"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1097",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SA:2009:036",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
            },
            {
              "name": "MDVSA-2009:137",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
            },
            {
              "name": "34632",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34632"
            },
            {
              "name": "SSRT090058",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "35156",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35156"
            },
            {
              "name": "34675",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34675"
            },
            {
              "name": "SUSE-SA:2009:029",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
            },
            {
              "name": "35776",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35776"
            },
            {
              "name": "1021913",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021913"
            },
            {
              "name": "37460",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37460"
            },
            {
              "name": "34489",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34489"
            },
            {
              "name": "GLSA-200911-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "name": "RHSA-2009:1038",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
            },
            {
              "name": "RHSA-2009:1198",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "HPSBUX02429",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
            },
            {
              "name": "254571",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1"
            },
            {
              "name": "jre-gif-file-bo(49475)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49475"
            },
            {
              "name": "36185",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36185"
            },
            {
              "name": "RHSA-2009:0377",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
            },
            {
              "name": "35255",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35255"
            },
            {
              "name": "oval:org.mitre.oval:def:6288",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6288"
            },
            {
              "name": "ADV-2009-1426",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1426"
            },
            {
              "name": "MDVSA-2009:162",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
            },
            {
              "name": "20090326 Sun Java Web Start (JWS ) PNG Decoding Integer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=780"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
            },
            {
              "name": "RHSA-2009:0392",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11241",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11241"
            },
            {
              "name": "35223",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35223"
            },
            {
              "name": "34240",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34240"
            },
            {
              "name": "34496",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34496"
            },
            {
              "name": "HPSBMA02429",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "20090326 Sun Java Runtine Environment (JRE) GIF Decoding Heap Corruption Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=779"
            },
            {
              "name": "USN-748-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-748-1"
            },
            {
              "name": "DSA-1769",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1769"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
            },
            {
              "name": "37386",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37386"
            },
            {
              "name": "SUSE-SA:2009:016",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
            },
            {
              "name": "ADV-2009-3316",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1097",
    "datePublished": "2009-03-25T23:00:00",
    "dateReserved": "2009-03-25T00:00:00",
    "dateUpdated": "2024-08-07T04:57:17.819Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1097\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-03-25T23:30:00.297\",\"lastModified\":\"2024-11-21T01:01:41.237\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) versi\u00f3n 6 Update 12 y anteriores, permiten a los atacantes remotos acceder a archivos o ejecutar c\u00f3digo arbitrario por medio de (1) una imagen PNG dise\u00f1ada que desencadena un desbordamiento de enteros durante la asignaci\u00f3n de memoria para su visualizaci\u00f3n en la pantalla de presentaci\u00f3n, tambi\u00e9n se conoce como CR 6804996; y (2) una imagen GIF dise\u00f1ada a partir de la cual se utilizan valores no especificados en el c\u00e1lculo de desplazamientos, conllevando a una corrupci\u00f3n de puntero de objeto, tambi\u00e9n se conoce como CR 6804997.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:*:update_12:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6.0\",\"matchCriteriaId\":\"8C826CA0-A25F-4A10-BD9E-791372BF8F06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3A4FEC7-A4A0-4B5C-A56C-8F80AE19865E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*\",\"matchCriteriaId\":\"722A93D8-B5BC-42F3-92A2-E424F61269A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*\",\"matchCriteriaId\":\"775F2611-F11C-4B84-8F40-0D034B81BF18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"D98175BF-B084-4FA5-899D-9E80DC3923EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"820632CE-F8DF-47EE-B716-7530E60008B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA2BD0A3-7B2D-447B-ABAC-7B867B03B632\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*\",\"matchCriteriaId\":\"D54AB785-E9B7-47BD-B756-0C3A629D67DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9412098-0353-4F7B-9245-010557E6C651\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD30DAEB-4893-41CF-A455-B69C463B9337\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*\",\"matchCriteriaId\":\"21D6CE7E-A036-496C-8E08-A87F62B5290A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8F93BBE-1E8C-4EB3-BCC7-20AB2D813F98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:*:update_12:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6.0\",\"matchCriteriaId\":\"1F38BA27-0EBC-47EC-99BF-A018E0BB0D53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBCD143C-057D-4F42-B487-46801E14ACF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"09027C19-D442-446F-B7A8-21DB6787CF43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A0FEC28-0707-4F42-9740-78F3D2D551EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3C5879A-A608-4230-9DC1-C27F0F48A13B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7158D2C0-E9AC-4CD6-B777-EA7B7A181997\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"90EC6C13-4B37-48E5-8199-A702A944D5A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"2528152C-E20A-4D97-931C-A5EC3CEAA06D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"A99DAB4C-272B-4C91-BC70-7729E1152590\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*\",\"matchCriteriaId\":\"30DFC10A-A4D9-4F89-B17C-AB9260087D29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*\",\"matchCriteriaId\":\"272A5C44-18EC-41A9-8233-E9D4D0734EA6\"}]}]}],\"references\":[{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=779\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=780\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34489\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34496\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34632\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34675\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35156\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35223\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35255\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35776\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36185\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37386\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37460\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200911-02.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1769\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:137\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:162\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0392.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1038.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/507985/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/34240\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1021913\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-748-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0016.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1426\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3316\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49475\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11241\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6288\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-0377.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-1198.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=779\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34632\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34675\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35156\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35223\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35255\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35776\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36185\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37386\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37460\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200911-02.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1769\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:137\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:162\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0392.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/507985/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/34240\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1021913\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-748-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1426\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49475\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11241\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6288\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-0377.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-1198.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.