Back to search

VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3874)

Severity CVSS Published Added Modified
9 (AV:N/AC:M/Au:N/C:C/I:C/A:C) November 05, 2009 February 16, 2011 July 20, 2012

Available Exploits 

Description

Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

VMware VMware ESX Server >= 3.5 and < 4.0

Apply ESX350-201003403-SG.

See the vCenter Update Manager Administration Guide for instructions on using Update Manager to download and install patches to automatically update ESX 3.5 hosts.

To update ESX 3.5 hosts without using Update Manager, download the most recent patch bundle from http://www.vmware.com/download/vi/vi3_patches_35.html and install the bundle using esxupdate from the command line of the host. For more information, see the ESX Server 3 Patch Management Guide.

Related Vulnerabilities