CVE-2009-2674 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-2674 PUBLISHED CVSS 7.5 HIGH

Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow.

EPSS 3.98% · 88.3th percentile

Risk Scores

CVSS v2.0

7.5

EPSS Score

3.98%

88.3th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
sun	jre	6, 6, 6
sun	jdk	6, 1.6.0, 6

Timeline

Aug 5, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 11, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

http://www.zerodayinitiative.com/advisories/ZDI-09-050/ url
RHSA-2009:1200 vendor-advisory
36162 third-party-advisory
ADV-2009-2543 vdb
GLSA-200911-02 vendor-advisory
HPSBUX02476 vendor-advisory
oval:org.mitre.oval:def:10073 vdb
36248 third-party-advisory
263428 vendor-advisory
MDVSA-2009:209 vendor-advisory
FEDORA-2009-8329 vendor-advisory
TA09-294A third-party-advisory
36180 third-party-advisory
oval:org.mitre.oval:def:8073 vdb
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html url
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1 url
36176 third-party-advisory
FEDORA-2009-8337 vendor-advisory
SUSE-SR:2009:016 vendor-advisory
37300 third-party-advisory

…and 8 more

Open in Interactive Console →