Test ID: 1.3.6.1.4.1.25623.1.0.900354
Category: Buffer overflow
Title: Java JRE deploytk.dll ActiveX Control Multiple BOF Vulnerabilities
Summary: Java JRE Deployment Toolkit ActiveX is prone to multiple buffer overflow vulnerabilities.
Description:
Summary:
Java JRE Deployment Toolkit ActiveX is prone to multiple buffer overflow vulnerabilities.

Vulnerability Insight:
The multiple buffer overflows are due to:

- An error in the deploytk.dll control while processing the setInstallerType,
setAdditionalPackages, compareVersion, getStaticCLSID and launch methods.

- An error in the installLatestJRE or installJRE method of the deploytk.dll control,
which can allow an attacker to launch JRE installation processes.

- An error in the launch method, which can cause script code execution via a .jnlp URL.

Vulnerability Impact:
An attacker may exploit this issue to launch a JRE installation, execute
arbitrary script code on the victim's system, and cause a denial of service.

Affected Software/OS:
Sun Java JRE version 6 Update 1 to 6 Update 13 and prior
Sun Microsystems, deploytk.dll version 6.0.130.3 and prior

Solution:
Upgrade to Sun Java JRE version 6 Update 20 or later.

Workaround:
Set the killbit for the CLSID {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-1671
BugTraq ID: 34931
http://www.securityfocus.com/bid/34931
https://www.exploit-db.com/exploits/8665
http://www.shinnai.net/xplits/TXT_mhxRKrtrPLyAHRFNm7QR.html
Common Vulnerability Exposure (CVE) ID: CVE-2009-1672
XForce ISS Database: sun-jre-activex-code-execution(50629)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50629
Copyright: Copyright (C) 2009 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.