Launchpad.net

CVE 2009-3865

The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.

Related bugs and status

CVE-2009-3865 (Candidate) is related to these bugs:

Bug #477812: Security update for Sun Java JRE 6: update 17

		In	Importance	Status
477812	Security update for Sun Java JRE 6: update 17	sun-java6 (Ubuntu)	Undecided	Fix Released
477812	Security update for Sun Java JRE 6: update 17	sun-java6 (Debian)	Unknown	Fix Released
477812	Security update for Sun Java JRE 6: update 17	sun-java6 (openSUSE)	Unknown	Unknown
477812	Security update for Sun Java JRE 6: update 17	sun-java6 (Ubuntu Hardy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://java.sun.com/ja...
SUNALERT: 269869
BID: 36881
SECUNIA: 37231
VUPEN: ADV-2009-3131
GENTOO: GLSA-200911-02
SUSE: SUSE-SA:2009:058
SECUNIA: 37239
SECUNIA: 37386
CONFIRM: http://support.apple.c...
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2009-12-03-1
APPLE: APPLE-SA-2009-12-03-2
SECUNIA: 37581
REDHAT: RHSA-2009:1694
SECUNIA: 37841
SECTRACK: 1023244
HP: HPSBMU02799
OVAL: oval:org.mitre.oval:de...