Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2009-1099
Last Modified 22 Oct 2012 11:05:01
Published 25 Mar 2009 07:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1099

Summary

Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow.

Vulnerable Systems

Application

  • Sun Java

  • Sun Java Runtime Environment 5.0

  • Sun Java Runtime Environment 6.0

  • Sun Java SE Development Kit


References

SUNALERT - 254571

MISC - http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1

REDHAT - RHSA-2009:1198

VUPEN - ADV-2009-3316

VUPEN - ADV-2009-1426

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0016.html

SECTRACK - 1021913

BID - 34240

BUGTRAQ - 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

REDHAT - RHSA-2009:1038

REDHAT - RHSA-2009:0394

REDHAT - RHSA-2009:0392

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm

GENTOO - GLSA-200911-02

SECUNIA - 37460

SECUNIA - 37386

SECUNIA - 36185

SECUNIA - 35776

SECUNIA - 35416

SECUNIA - 35255

SECUNIA - 35223

SECUNIA - 35156

SECUNIA - 34496

SECUNIA - 34495

HP - HPSBUX02429

SUSE - SUSE-SA:2009:036

SUSE - SUSE-SR:2009:011

SUSE - SUSE-SA:2009:029

SUSE - SUSE-SA:2009:016

IDEFENSE - 20090326 Sun Java Runtine Environment (JRE) Type1 Font Parsing Integer Signedness Vulnerability

HP - HPSBMA02429

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html

HP - SSRT090058

Related Patches

Apple 2009-06-15 Java for Mac OS X 10.4 Release 9

Apple 2009-06-15 Java for Mac OS X 10.5 Update 4


Last Updated: 27 May 2016 10:57:18