CVE-2009-2674

CVE-2009-2674 affects Sun Java Web Start (javaws.exe) in Sun JRE/JDK 6 prior to Update 15. The root cause is an integer overflow/heap-based buffer overflow when processing crafted JPEG images displayed on the splash screen, enabling context-dependent attackers to execute arbitrary code. Connected...

CVE-2009-2676

Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.221 and earlier; allows remote attackers to create or modify arbitrary files via vecto...

CVE-2009-2671

The SOCKS proxy implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted 1 applet or 2 Java Web Start application via unspecified vectors...

CVE-2009-2673

The proxy mechanism implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lack...

CVE-2009-2674

Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a...

CVE-2009-2670

The audio system in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by 1 untrusted applets and 2 Java Web Start applications, which allows context-dependent attackers to obtain sensiti...

CVE-2009-2672

The proxy mechanism implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted 1 applets and 2 Java Web Start applications, which allows remote attackers to hijack web sessions...

CVE-2009-2673

CVE-2009-2673 is the OpenJDK/Sun JRE proxy mechanism vulnerability that allows non-authenticated socket or URL connections due to a flaw in the proxy handling. Affected components include OpenJDK/OpenJRE proxy implementation and related JRE components as disclosed in multiple advisories (e.g., CV...

CVE-2009-2675

The CVE-2009-2675 entry concerns an integer overflow in the unpack200 utility of Sun Java Runtime Environment (JRE) / JDK. Affected: JRE/JDK 6 before Update 15 and JRE/JDK 5.0 before Update 20. Root cause: heap-based buffer overflow during decompression triggered by crafted Pack200 headers (unspe...

CVE-2009-2676

CVE-2009-2676 describes an unspecified vulnerability in Sun Java SE/JDK/JRE (up to 6 Update 14, 5.0 Update 19, and 1.4.2_21) involving the JNLPAppletLauncher. Affected component is the JNLPAppletLauncher exposed to untrusted applets; the root cause is an issue in how an old launcher can be access...

CVE-2009-2675

Integer overflow in the unpack200 utility in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to...

CVE-2009-2670

CVE-2009-2670 affects Sun Java Runtime Environment (JRE) in JDK/JRE 6 prior to Update 15 and JDK/JRE 5.0 prior to Update 20. The issue arises from the JRE audio system not preventing access to java.lang.System properties by untrusted applets and Java Web Start applications, enabling a context-dep...

CVE-2009-2674

Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a...

CVE-2009-2676

Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.221 and earlier; allows remote attackers to create or modify arbitrary files via vecto...

CVE-2009-2671

The SOCKS proxy implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted 1 applet or 2 Java Web Start application via unspecified vectors...

CVE-2009-2670

The audio system in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by 1 untrusted applets and 2 Java Web Start applications, which allows context-dependent attackers to obtain sensiti...

CVE-2009-2675

Integer overflow in the unpack200 utility in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to...

CVE-2009-2672

The proxy mechanism implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted 1 applets and 2 Java Web Start applications, which allows remote attackers to hijack web sessions...

Sun Java Pack200 Decoding Inner Class Count Integer Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Sun Java Runtime. User interaction is required in that a target must visit a malicious web page or open a malicious JNLP file. The specific flaw exists within the code responsible for handling...

Sun Java JRE Multiple Vulnerabilities (263408 / 263409 / 263428 ..)

The version of Sun Java Runtime Environment JRE installed on the remote host is earlier than 6 Update 15 / 5.0 Update 20 / 1.4.222 / 1.3.126. Such version are potentially affected by the following security issues : - A vulnerability in the JRE audio system may allow system properties to be...