Vulnerability Description
The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Jre | 6 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/34931Exploit
- http://www.shinnai.net/xplits/TXT_mhxRKrtrPLyAHRFNm7QR.htmlExploitURL Repurposed
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50629
- https://www.exploit-db.com/exploits/8665
- http://www.securityfocus.com/bid/34931Exploit
- http://www.shinnai.net/xplits/TXT_mhxRKrtrPLyAHRFNm7QR.htmlExploitURL Repurposed
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50629
- https://www.exploit-db.com/exploits/8665
FAQ
What is CVE-2009-1672?
CVE-2009-1672 is a vulnerability with a CVSS score of 9.3 (HIGH). The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the a...
How severe is CVE-2009-1672?
CVE-2009-1672 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1672?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Jre.