Vulnerabilidad en Java (CVE-2009-1097)
Gravedad CVSS v2.0:
ALTA
Tipo:
CWE-119
Restricción de operaciones inapropiada dentro de los límites del búfer de la memoria
Fecha de publicación:
25/03/2009
Última modificación:
09/04/2025
Descripción
Múltiples desbordamientos de búfer en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) versión 6 Update 12 y anteriores, permiten a los atacantes remotos acceder a archivos o ejecutar código arbitrario por medio de (1) una imagen PNG diseñada que desencadena un desbordamiento de enteros durante la asignación de memoria para su visualización en la pantalla de presentación, también se conoce como CR 6804996; y (2) una imagen GIF diseñada a partir de la cual se utilizan valores no especificados en el cálculo de desplazamientos, conllevando a una corrupción de puntero de objeto, también se conoce como CR 6804997.
Impacto
Puntuación base 2.0
9.30
Gravedad 2.0
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:sun:jdk:*:update_12:*:*:*:*:*:* | 1.6.0 (incluyendo) | |
| cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:* | ||
| cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:* | ||
| cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:* | ||
| cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:* | ||
| cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:* | ||
| cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:* | ||
| cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:* | ||
| cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:* | ||
| cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:* | ||
| cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:* | ||
| cpe:2.3:a:sun:jre:*:update_12:*:*:*:*:*:* | 1.6.0 (incluyendo) | |
| cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=779
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=780
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
- http://marc.info/?l=bugtraq&m=124344236532162&w=2
- http://secunia.com/advisories/34489
- http://secunia.com/advisories/34496
- http://secunia.com/advisories/34632
- http://secunia.com/advisories/34675
- http://secunia.com/advisories/35156
- http://secunia.com/advisories/35223
- http://secunia.com/advisories/35255
- http://secunia.com/advisories/35776
- http://secunia.com/advisories/36185
- http://secunia.com/advisories/37386
- http://secunia.com/advisories/37460
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1
- http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
- http://www.debian.org/security/2009/dsa-1769
- http://www.mandriva.com/security/advisories?name=MDVSA-2009%3A137
- http://www.mandriva.com/security/advisories?name=MDVSA-2009%3A162
- http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
- http://www.redhat.com/support/errata/RHSA-2009-0392.html
- http://www.redhat.com/support/errata/RHSA-2009-1038.html
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
- http://www.securityfocus.com/bid/34240
- http://www.securitytracker.com/id?1021913=
- http://www.ubuntu.com/usn/usn-748-1
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://www.vupen.com/english/advisories/2009/1426
- http://www.vupen.com/english/advisories/2009/3316
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49475
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11241
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6288
- https://rhn.redhat.com/errata/RHSA-2009-0377.html
- https://rhn.redhat.com/errata/RHSA-2009-1198.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=779
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=780
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
- http://marc.info/?l=bugtraq&m=124344236532162&w=2
- http://secunia.com/advisories/34489
- http://secunia.com/advisories/34496
- http://secunia.com/advisories/34632
- http://secunia.com/advisories/34675
- http://secunia.com/advisories/35156
- http://secunia.com/advisories/35223
- http://secunia.com/advisories/35255
- http://secunia.com/advisories/35776
- http://secunia.com/advisories/36185
- http://secunia.com/advisories/37386
- http://secunia.com/advisories/37460
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1
- http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
- http://www.debian.org/security/2009/dsa-1769
- http://www.mandriva.com/security/advisories?name=MDVSA-2009%3A137
- http://www.mandriva.com/security/advisories?name=MDVSA-2009%3A162
- http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
- http://www.redhat.com/support/errata/RHSA-2009-0392.html
- http://www.redhat.com/support/errata/RHSA-2009-1038.html
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
- http://www.securityfocus.com/bid/34240
- http://www.securitytracker.com/id?1021913=
- http://www.ubuntu.com/usn/usn-748-1
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://www.vupen.com/english/advisories/2009/1426
- http://www.vupen.com/english/advisories/2009/3316
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49475
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11241
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6288
- https://rhn.redhat.com/errata/RHSA-2009-0377.html
- https://rhn.redhat.com/errata/RHSA-2009-1198.html