Back to search

VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3869)

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	November 04, 2009	February 15, 2011	February 12, 2015

Available Exploits

Sun Java JRE getSoundbank file:// URI Buffer Overflow
Sun Java JRE AWT setDiffICM Buffer Overflow

Description

Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

Download now

References

APPLE-APPLE-SA-2009-12-03-1
APPLE-APPLE-SA-2009-12-03-2
BID-36881
CVE-2009-3869
OVAL-OVAL10741
OVAL-OVAL11262
OVAL-OVAL7400
OVAL-OVAL8566
REDHAT-RHSA-2009:1694
SUSE-SUSE-SA:2009:058
URL: http://www.vmware.com/security/advisories/VMSA-2010-0005.html

Solution

apply-esx-3_5-patch-esx350-201003403-sg

Related Vulnerabilities

Apple Java security update for CVE-2009-3872
VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3872)
JRE Deployment Toolkit Vulnerability
ELSA-2009-1584 Important: Enterprise Linux 5 java-1.6.0-openjdk security update
RHSA-2009:1560: java-1.6.0-sun security update
VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3871)
VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3867)
JRE DER Decoding Denial of Service
CESA-2009:1584: java-1.6.0-openjdk security update
SUSE Linux Security Vulnerability: CVE-2009-3871
VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3872)
VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3871)
RHSA-2009:1647: java-1.5.0-ibm security update
VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3873)
JRE Timing Attack
VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3866)
SUSE Linux Security Vulnerability: CVE-2009-3873
SUSE Linux Security Vulnerability: CVE-2009-3868
JRE Non-English Update Flaw
Apple Java security update for CVE-2009-3873
JRE Multiple Overflows
VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3869)
JRE Audio and Image File Buffer and Integer Overflow Vulnerabilities
RHSA-2010:0043: Red Hat Network Satellite Server IBM Java Runtime security update
SUSE Linux Security Vulnerability: CVE-2009-3876
Apple Java security update for CVE-2009-3874
VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3865)
Apple Java security update for CVE-2009-3866
Apple Java security update for CVE-2009-3865
VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3864)
USN-859-1: OpenJDK vulnerabilities
VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3876)
VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3874)
RHSA-2009:1584: java-1.6.0-openjdk security update
Apple Java security update for CVE-2009-3868
VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3874)
JRE HMAC Digest Flaw
CESA-2010:0408: java-1.4.2-ibm security update
Apple Java security update for CVE-2009-3875
RHSA-2009:1662: Red Hat Network Satellite Server Sun Java Runtime security update
VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3868)
Apple Java security update for CVE-2009-3877
VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3873)
VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3876)
JRE Untrusted Application Privilege Escalation Vulnerability
SUSE Linux Security Vulnerability: CVE-2009-3874
SUSE Linux Security Vulnerability: CVE-2009-3866
VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3875)
RHSA-2009:1551: java-1.4.2-ibm security update
CESA-2009:1551: java-1.4.2-ibm security update
RHSA-2010:0408: java-1.4.2-ibm security update
VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3867)
VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3864)
SUSE Linux Security Vulnerability: CVE-2009-3864
VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3877)
SUSE Linux Security Vulnerability: CVE-2009-3865
RHSA-2009:1643: java-1.4.2-ibm security update
Apple Java security update for CVE-2009-3871
SUSE Linux Security Vulnerability: CVE-2009-3875
RHSA-2009:1571: java-1.5.0-sun security update
VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3865)
Apple Java security update for CVE-2009-3867
VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3868)
JRE Java Web Start JNLP Vulnerability
SUSE Linux Security Vulnerability: CVE-2009-3869
SUSE Linux Security Vulnerability: CVE-2009-3867
VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3877)
VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3875)
SUSE Linux Security Vulnerability: CVE-2009-3872
VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3866)
SUSE Linux Security Advisory: SUSE-SA:2009:058
JRE DER Decoding and HTTP Header Denial of Service Vulnerability
Apple Java security update for CVE-2009-3869
SUSE Linux Security Vulnerability: CVE-2009-3877
RHSA-2009:1694: java-1.6.0-ibm security update