Launchpad.net

CVE 2009-3866

The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.

Related bugs and status

CVE-2009-3866 (Candidate) is related to these bugs:

Bug #477812: Security update for Sun Java JRE 6: update 17

		In	Importance	Status
477812	Security update for Sun Java JRE 6: update 17	sun-java6 (Ubuntu)	Undecided	Fix Released
477812	Security update for Sun Java JRE 6: update 17	sun-java6 (Debian)	Unknown	Fix Released
477812	Security update for Sun Java JRE 6: update 17	sun-java6 (openSUSE)	Unknown	Unknown
477812	Security update for Sun Java JRE 6: update 17	sun-java6 (Ubuntu Hardy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://zerodayinitiati...
CONFIRM: http://java.sun.com/ja...
SUNALERT: 269870
BID: 36881
SECUNIA: 37231
VUPEN: ADV-2009-3131
GENTOO: GLSA-200911-02
SUSE: SUSE-SA:2009:058
SECUNIA: 37239
SECUNIA: 37386
CONFIRM: http://support.apple.c...
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2009-12-03-1
APPLE: APPLE-SA-2009-12-03-2
SECUNIA: 37581
REDHAT: RHSA-2009:1694
SECUNIA: 37841
HP: HPSBMU02799
OVAL: oval:org.mitre.oval:de...