CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Percentile: 99.1%
Added: 11/06/2009
CVE: CVE-2009-3867
BID: 36881
OSVDB: 59711
The Java Runtime Environment (JRE) is part of the Java Development Kit (JDK), a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java Virtual Machine (JVM), core classes, and supporting files.
A stack buffer overflow vulnerability in the way the JRE getSoundbank() function parses long file:// URL arguments allows remote attackers to execute arbitrary commands.
Apply one of the solutions shown in Sun Microsystems’ response.
<http://www.zerodayinitiative.com/advisories/ZDI-09-076/>
The exploit works on Sun Microsystems Java Runtime Environment 6 and requires the user to open the exploit page in Mozilla Firefox 2.0.X.
Windows