Java Runtime Environment AWT setDiffICM buffer overflow

2009-11-27T00:00:00
ID SAINT:D64AD53ED6AECAF73B07B99B721FE9A3
Type saint
Reporter SAINT Corporation
Modified 2009-11-27T00:00:00

Description

Added: 11/27/2009
CVE: CVE-2009-3869
BID: 36881
OSVDB: 59710

Background

Java Runtime Environment (JRE) allows end users to run Java applications.

Problem

A buffer overflow vulnerability in the setDiffICM function of the Abstract Window Toolkit (AWT) allows command execution when a user loads a specially crafted web page.

Resolution

Apply the update referenced in Sun article 270474.

References

<http://www.zerodayinitiative.com/advisories/ZDI-09-078/>

Limitations

Exploit works on Java Runtime Environment 6 Update 16 and requires a user to open the exploit page in Firefox 2.0.x.

In order for the exploit to succeed, the security policy in JRE must allow access to classes in the sun.awt.image package. To configure JRE to allow access to classes in the sun.awt.image package, add the following lines to the Java policy file on the target system:

> > grant { > permission java.lang.RuntimePermission > "accessClassInPackage.sun.awt.image"; > } >

The Java policy file can be found at:

> > C:\Program Files\Java\jreX\lib\security\java.policy >

where X is the JRE series, such as 5 or 6.

Platforms

Windows