Summary
This host has the Java JRE Deployment Toolkit ActiveX control installed and is prone to multiple buffer overflow vulnerabilities.
Impact
An attacker may exploit these issues to launch a JRE installation, execute arbitrary script code on the victim's system, or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Sun Java JRE version 6 Update 20 or later.
For updates refer to http://java.sun.com
Workaround:
Set the kill bit for the CLSID {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} (see http://support.microsoft.com/kb/240797).
Insight
Multiple buffer overflows are caused by:
- an error in the deploytk.dll control while processing the setInstallerType, setAdditionalPackages, compareVersion, getStaticCLSID and launch methods.
- an error in the installLatestJRE and installJRE methods of the deploytk.dll control, which can allow an attacker to launch JRE installation processes.
- an error in the launch method, which can cause script code execution via a .jnlp URL.
Affected
Sun Microsystems Sun Java JRE version 6 Update 1 through 6 Update 13; deploytk.dll version 6.0.130.3 and prior.
Severity
Classification
CVE: CVE-2009-1671, CVE-2009-1672
CVSS Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)