Lucene search
HistoryNov 05, 2009 - 4:30 p.m.
CVE-2009-3868
cve-2009-3868
sun java
jdk
jre
privilege escalation
crafted image file
security vulnerability
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
6.3 Medium
AI Score
Confidence
Low
0.018 Low
EPSS
Percentile
88.2%
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.
Affected configurations
Node
sunjdkMatch1.5.0update_1
ORsunjdkMatch1.5.0update_10
ORsunjdkMatch1.5.0update_11
ORsunjdkMatch1.5.0update_12
ORsunjdkMatch1.5.0update_13
ORsunjdkMatch1.5.0update_14
ORsunjdkMatch1.5.0update_15
ORsunjdkMatch1.5.0update_16
ORsunjdkMatch1.5.0update_17
ORsunjdkMatch1.5.0update_18
ORsunjdkMatch1.5.0update_19
ORsunjdkMatch1.5.0update_2
ORsunjdkMatch1.5.0update_20
ORsunjdkMatch1.5.0update_21
ORsunjdkMatch1.5.0update_3
ORsunjdkMatch1.5.0update_4
ORsunjdkMatch1.5.0update_5
ORsunjdkMatch1.5.0update_6
ORsunjdkMatch1.5.0update_7
ORsunjdkMatch1.5.0update_8
ORsunjdkMatch1.5.0update_9
ORsunjdkMatch1.6.0update_1
ORsunjdkMatch1.6.0update_10
ORsunjdkMatch1.6.0update_11
ORsunjdkMatch1.6.0update_12
ORsunjdkMatch1.6.0update_13
ORsunjdkMatch1.6.0update_14
ORsunjdkMatch1.6.0update_15
ORsunjdkMatch1.6.0update_16
ORsunjdkMatch1.6.0update_3
ORsunjdkMatch1.6.0update_4
ORsunjdkMatch1.6.0update_5
ORsunjdkMatch1.6.0update_6
ORsunjdkMatch1.6.0update_7
ORsunjdkMatch1.6.0update_8
ORsunjdkMatch1.6.0update_9
ORsunjreMatch1.5.0update_1
ORsunjreMatch1.5.0update_11
ORsunjreMatch1.5.0update_12
ORsunjreMatch1.5.0update_13
ORsunjreMatch1.5.0update_14
ORsunjreMatch1.5.0update_15
ORsunjreMatch1.5.0update_16
ORsunjreMatch1.5.0update_17
ORsunjreMatch1.5.0update_18
ORsunjreMatch1.5.0update_19
ORsunjreMatch1.5.0update_2
ORsunjreMatch1.5.0update_20
ORsunjreMatch1.5.0update_21
ORsunjreMatch1.5.0update_3
ORsunjreMatch1.5.0update_4
ORsunjreMatch1.5.0update_5
ORsunjreMatch1.5.0update_6
ORsunjreMatch1.5.0update_7
ORsunjreMatch1.5.0update_8
ORsunjreMatch1.5.0update_9
ORsunjreMatch1.6.0update_1
ORsunjreMatch1.6.0update_10
ORsunjreMatch1.6.0update_11
ORsunjreMatch1.6.0update_12
ORsunjreMatch1.6.0update_13
ORsunjreMatch1.6.0update_14
ORsunjreMatch1.6.0update_15
ORsunjreMatch1.6.0update_16
ORsunjreMatch1.6.0update_2
ORsunjreMatch1.6.0update_3
ORsunjreMatch1.6.0update_4
ORsunjreMatch1.6.0update_5
ORsunjreMatch1.6.0update_6
ORsunjreMatch1.6.0update_7
ORsunjreMatch1.6.0update_8
ORsunjreMatch1.6.0update_9
Node
sunjreMatch1.4.2_1
ORsunjreMatch1.4.2_2
ORsunjreMatch1.4.2_02
ORsunjreMatch1.4.2_03
ORsunjreMatch1.4.2_3
ORsunjreMatch1.4.2_4
ORsunjreMatch1.4.2_04
ORsunjreMatch1.4.2_05
ORsunjreMatch1.4.2_5
ORsunjreMatch1.4.2_06
ORsunjreMatch1.4.2_6
ORsunjreMatch1.4.2_7
ORsunjreMatch1.4.2_07
ORsunjreMatch1.4.2_8
ORsunjreMatch1.4.2_08
ORsunjreMatch1.4.2_09
ORsunjreMatch1.4.2_9
ORsunjreMatch1.4.2_10
ORsunjreMatch1.4.2_11
ORsunjreMatch1.4.2_12
ORsunjreMatch1.4.2_13
ORsunjreMatch1.4.2_14
ORsunjreMatch1.4.2_15
ORsunjreMatch1.4.2_16
ORsunjreMatch1.4.2_17
ORsunjreMatch1.4.2_18
ORsunjreMatch1.4.2_19
ORsunjreMatch1.4.2_20
ORsunjreMatch1.4.2_21
ORsunjreMatch1.4.2_22
ORsunsdkMatch1.4.2_01
ORsunsdkMatch1.4.2_1
ORsunsdkMatch1.4.2_2
ORsunsdkMatch1.4.2_02
ORsunsdkMatch1.4.2_03
ORsunsdkMatch1.4.2_3
ORsunsdkMatch1.4.2_04
ORsunsdkMatch1.4.2_4
ORsunsdkMatch1.4.2_5
ORsunsdkMatch1.4.2_05
ORsunsdkMatch1.4.2_6
ORsunsdkMatch1.4.2_06
ORsunsdkMatch1.4.2_07
ORsunsdkMatch1.4.2_7
ORsunsdkMatch1.4.2_8
ORsunsdkMatch1.4.2_08
ORsunsdkMatch1.4.2_09
ORsunsdkMatch1.4.2_9
ORsunsdkMatch1.4.2_10
ORsunsdkMatch1.4.2_11
ORsunsdkMatch1.4.2_12
ORsunsdkMatch1.4.2_13
ORsunsdkMatch1.4.2_14
ORsunsdkMatch1.4.2_15
ORsunsdkMatch1.4.2_16
ORsunsdkMatch1.4.2_17
ORsunsdkMatch1.4.2_18
ORsunsdkMatch1.4.2_19
ORsunsdkMatch1.4.2_20
ORsunsdkMatch1.4.2_21
ORsunsdkMatch1.4.2_22
sunsolaris
Node
sunjreMatch1.3.1_1
ORsunjreMatch1.3.1_01
ORsunjreMatch1.3.1_01a
ORsunjreMatch1.3.1_02
ORsunjreMatch1.3.1_2
ORsunjreMatch1.3.1_03
ORsunjreMatch1.3.1_3
ORsunjreMatch1.3.1_4
ORsunjreMatch1.3.1_04
ORsunjreMatch1.3.1_05
ORsunjreMatch1.3.1_5
ORsunjreMatch1.3.1_06
ORsunjreMatch1.3.1_6
ORsunjreMatch1.3.1_07
ORsunjreMatch1.3.1_7
ORsunjreMatch1.3.1_8
ORsunjreMatch1.3.1_08
ORsunjreMatch1.3.1_9
ORsunjreMatch1.3.1_09
ORsunjreMatch1.3.1_10
ORsunjreMatch1.3.1_11
ORsunjreMatch1.3.1_12
ORsunjreMatch1.3.1_13
ORsunjreMatch1.3.1_14
ORsunjreMatch1.3.1_15
ORsunjreMatch1.3.1_16
ORsunjreMatch1.3.1_17
ORsunjreMatch1.3.1_18
ORsunjreMatch1.3.1_19
ORsunjreMatch1.3.1_20
ORsunjreMatch1.3.1_21
ORsunjreMatch1.3.1_22
ORsunjreMatch1.3.1_23
ORsunjreMatch1.3.1_24
ORsunjreMatch1.3.1_25
ORsunsdkMatch1.3.1_01
ORsunsdkMatch1.3.1_01a
ORsunsdkMatch1.3.1_2
ORsunsdkMatch1.3.1_02
ORsunsdkMatch1.3.1_03
ORsunsdkMatch1.3.1_3
ORsunsdkMatch1.3.1_4
ORsunsdkMatch1.3.1_04
ORsunsdkMatch1.3.1_5
ORsunsdkMatch1.3.1_05
ORsunsdkMatch1.3.1_6
ORsunsdkMatch1.3.1_06
ORsunsdkMatch1.3.1_7
ORsunsdkMatch1.3.1_07
ORsunsdkMatch1.3.1_8
ORsunsdkMatch1.3.1_08
ORsunsdkMatch1.3.1_9
ORsunsdkMatch1.3.1_09
ORsunsdkMatch1.3.1_10
ORsunsdkMatch1.3.1_11
ORsunsdkMatch1.3.1_12
ORsunsdkMatch1.3.1_13
ORsunsdkMatch1.3.1_14
ORsunsdkMatch1.3.1_15
ORsunsdkMatch1.3.1_16
ORsunsdkMatch1.3.1_17
ORsunsdkMatch1.3.1_18
ORsunsdkMatch1.3.1_19
ORsunsdkMatch1.3.1_20
ORsunsdkMatch1.3.1_21
ORsunsdkMatch1.3.1_22
ORsunsdkMatch1.3.1_23
ORsunsdkMatch1.3.1_24
ORsunsdkMatch1.3.1_25
microsoftwindows
Node
sunjava_sebusiness
sunjdkMatch1.5.0update_1
ORsunjdkMatch1.5.0update_10
ORsunjdkMatch1.5.0update_11
ORsunjdkMatch1.5.0update_12
ORsunjdkMatch1.5.0update_13
ORsunjdkMatch1.5.0update_14
ORsunjdkMatch1.5.0update_15
ORsunjdkMatch1.5.0update_16
ORsunjdkMatch1.5.0update_17
ORsunjdkMatch1.5.0update_18
ORsunjdkMatch1.5.0update_19
ORsunjdkMatch1.5.0update_2
ORsunjdkMatch1.5.0update_20
ORsunjdkMatch1.5.0update_21
ORsunjdkMatch1.5.0update_3
ORsunjdkMatch1.5.0update_4
ORsunjdkMatch1.5.0update_5
ORsunjdkMatch1.5.0update_6
ORsunjdkMatch1.5.0update_7
ORsunjdkMatch1.5.0update_8
ORsunjdkMatch1.5.0update_9
ORsunjdkMatch1.6.0update_1
ORsunjdkMatch1.6.0update_10
ORsunjdkMatch1.6.0update_11
ORsunjdkMatch1.6.0update_12
ORsunjdkMatch1.6.0update_13
ORsunjdkMatch1.6.0update_14
ORsunjdkMatch1.6.0update_15
ORsunjdkMatch1.6.0update_16
ORsunjdkMatch1.6.0update_3
ORsunjdkMatch1.6.0update_4
ORsunjdkMatch1.6.0update_5
ORsunjdkMatch1.6.0update_6
ORsunjdkMatch1.6.0update_7
ORsunjdkMatch1.6.0update_8
ORsunjdkMatch1.6.0update_9
ORsunjdkMatch1.6.0update2
ORsunjreMatch1.4.2_01
ORsunjreMatch1.4.2_1
ORsunjreMatch1.4.2_2
ORsunjreMatch1.4.2_02
ORsunjreMatch1.4.2_03
ORsunjreMatch1.4.2_3
ORsunjreMatch1.4.2_4
ORsunjreMatch1.4.2_04
ORsunjreMatch1.4.2_05
ORsunjreMatch1.4.2_5
ORsunjreMatch1.4.2_06
ORsunjreMatch1.4.2_6
ORsunjreMatch1.4.2_7
ORsunjreMatch1.4.2_07
ORsunjreMatch1.4.2_8
ORsunjreMatch1.4.2_08
ORsunjreMatch1.4.2_09
ORsunjreMatch1.4.2_9
ORsunjreMatch1.4.2_10
ORsunjreMatch1.4.2_11
ORsunjreMatch1.4.2_12
ORsunjreMatch1.4.2_13
ORsunjreMatch1.4.2_14
ORsunjreMatch1.4.2_15
ORsunjreMatch1.4.2_16
ORsunjreMatch1.4.2_17
ORsunjreMatch1.4.2_18
ORsunjreMatch1.4.2_19
ORsunjreMatch1.4.2_20
ORsunjreMatch1.4.2_21
ORsunjreMatch1.4.2_22
ORsunjreMatch1.5.0update_1
ORsunjreMatch1.5.0update_11
ORsunjreMatch1.5.0update_12
ORsunjreMatch1.5.0update_13
ORsunjreMatch1.5.0update_14
ORsunjreMatch1.5.0update_15
ORsunjreMatch1.5.0update_16
ORsunjreMatch1.5.0update_17
ORsunjreMatch1.5.0update_18
ORsunjreMatch1.5.0update_19
ORsunjreMatch1.5.0update_2
ORsunjreMatch1.5.0update_20
ORsunjreMatch1.5.0update_21
ORsunjreMatch1.5.0update_3
ORsunjreMatch1.5.0update_4
ORsunjreMatch1.5.0update_5
ORsunjreMatch1.5.0update_6
ORsunjreMatch1.5.0update_7
ORsunjreMatch1.5.0update_8
ORsunjreMatch1.5.0update_9
ORsunjreMatch1.6.0update_1
ORsunjreMatch1.6.0update_10
ORsunjreMatch1.6.0update_11
ORsunjreMatch1.6.0update_12
ORsunjreMatch1.6.0update_13
ORsunjreMatch1.6.0update_14
ORsunjreMatch1.6.0update_15
ORsunjreMatch1.6.0update_16
ORsunjreMatch1.6.0update_2
ORsunjreMatch1.6.0update_3
ORsunjreMatch1.6.0update_4
ORsunjreMatch1.6.0update_5
ORsunjreMatch1.6.0update_6
ORsunjreMatch1.6.0update_7
ORsunjreMatch1.6.0update_8
ORsunjreMatch1.6.0update_9
ORsunsdkMatch1.4.2_1
ORsunsdkMatch1.4.2_2
ORsunsdkMatch1.4.2_02
ORsunsdkMatch1.4.2_03
ORsunsdkMatch1.4.2_3
ORsunsdkMatch1.4.2_04
ORsunsdkMatch1.4.2_4
ORsunsdkMatch1.4.2_5
ORsunsdkMatch1.4.2_05
ORsunsdkMatch1.4.2_6
ORsunsdkMatch1.4.2_06
ORsunsdkMatch1.4.2_07
ORsunsdkMatch1.4.2_7
ORsunsdkMatch1.4.2_8
ORsunsdkMatch1.4.2_08
ORsunsdkMatch1.4.2_09
ORsunsdkMatch1.4.2_9
ORsunsdkMatch1.4.2_10
ORsunsdkMatch1.4.2_11
ORsunsdkMatch1.4.2_12
ORsunsdkMatch1.4.2_13
ORsunsdkMatch1.4.2_14
ORsunsdkMatch1.4.2_15
ORsunsdkMatch1.4.2_16
ORsunsdkMatch1.4.2_17
ORsunsdkMatch1.4.2_18
ORsunsdkMatch1.4.2_19
ORsunsdkMatch1.4.2_20
ORsunsdkMatch1.4.2_21
ORsunsdkMatch1.4.2_22
References
java.sun.com/javase/6/webnotes/6u17.html
lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
marc.info/?l=bugtraq&m=126566824131534&w=2
marc.info/?l=bugtraq&m=131593453929393&w=2
marc.info/?l=bugtraq&m=134254866602253&w=2
secunia.com/advisories/37231
secunia.com/advisories/37239
secunia.com/advisories/37386
secunia.com/advisories/37581
secunia.com/advisories/37841
security.gentoo.org/glsa/glsa-200911-02.xml
securitytracker.com/id?1023132
sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
support.apple.com/kb/HT3969
support.apple.com/kb/HT3970
www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
www.redhat.com/support/errata/RHSA-2009-1694.html
www.securityfocus.com/bid/36881
www.vupen.com/english/advisories/2009/3131
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11834
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6786
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8622
Related
veracode
veracode
Privilege Escalation
2020-04-10 00:40:37
ubuntucve
ubuntucve
CVE-2009-3868
2009-11-05 00:00:00
nvd
nvd
CVE-2009-3868
2009-11-05 16:30:00
CVE-2010-0079
2010-01-13 01:30:01
cvelist
cvelist
CVE-2009-3868
2009-11-05 16:00:00
CVE-2010-0079
2010-01-13 01:00:00
prion
prion
Code injection
2009-11-05 16:30:00
Code injection
2010-01-13 01:30:00
redhat
redhat
(RHSA-2009:1551) Moderate: java-1.4.2-ibm security update
2009-11-04 00:00:00
(RHSA-2009:1647) Critical: java-1.5.0-ibm security update
2009-12-08 00:00:00
(RHSA-2009:1643) Critical: java-1.4.2-ibm security update
2009-12-07 00:00:00
openvas
openvas
RedHat Security Advisory RHSA-2009:1647
2009-12-14 00:00:00
Sun Java JDK/JRE Multiple Vulnerabilities (Nov 2009) - Windows
2009-11-13 00:00:00
HP-UX Update for Java HPSBUX02503
2010-02-15 00:00:00
securityvulns
securityvulns
HP Network Node Manager i DoS
2011-09-20 00:00:00
Oracle Critical Patch Update Advisory - January 2010
2010-01-15 00:00:00
nessus
nessus
SuSE9 Security Update : IBM Java 1.5.0 (YOU Patch Number 12564)
2009-12-27 00:00:00
openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1529)
2009-11-11 00:00:00
RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2009:1643)
2009-12-08 00:00:00
suse
suse
remote code execution in java-1_5_0-ibm
2010-01-12 09:21:12
remote code execution in java-1_6_0-ibm
2010-01-12 17:47:21
remote code execution in java-1_6_0-sun
2009-11-19 17:02:05
cve
cve
CVE-2010-0079
2010-01-13 01:30:01
packetstorm
packetstorm
Netragard Security Advisory 2009-12-19
2009-12-30 00:00:00
oracle
oracle
Security | Oracle Critical Patch Update - January 2010
2010-01-12 00:00:00
vmware
vmware
VMware vCenter update release addresses multiple security issues in Java JRE
2010-01-29 00:00:00
VMware vCenter update release addresses multiple security issues in Java JRE
2010-01-29 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
6.3 Medium
AI Score
Confidence
Low
0.018 Low
EPSS
Percentile
88.2%
Related for CVE-2009-3868