National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2009-1099 Detail

Current Description

Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow.

Source:  MITRE      Last Modified:  03/25/2009      View Analysis Description

Quick Info

CVE Dictionary Entry:
CVE-2009-1099
Original release date:
03/25/2009
Last revised:
09/28/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
7.5 HIGH
Vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore:
6.4
Exploitability Subscore:
10.0
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 External Source HP SSRT090058
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=777 External Source IDEFENSE 20090326 Sun Java Runtine Environment (JRE) Type1 Font Parsing Integer Signedness Vulnerability
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html External Source SUSE SUSE-SA:2009:016
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html External Source SUSE SUSE-SA:2009:029
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html External Source SUSE SUSE-SR:2009:011
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html External Source SUSE SUSE-SA:2009:036
http://marc.info/?l=bugtraq&m=124344236532162&w=2 External Source HP HPSBUX02429
http://security.gentoo.org/glsa/glsa-200911-02.xml External Source GENTOO GLSA-200911-02
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1 Patch; Vendor Advisory External Source MISC http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1 Patch; Vendor Advisory External Source SUNALERT 254571
http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm External Source CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm External Source CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
http://www.redhat.com/support/errata/RHSA-2009-0392.html External Source REDHAT RHSA-2009:0392
http://www.redhat.com/support/errata/RHSA-2009-0394.html External Source REDHAT RHSA-2009:0394
http://www.redhat.com/support/errata/RHSA-2009-1038.html External Source REDHAT RHSA-2009:1038
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded External Source BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/bid/34240 External Source BID 34240
http://www.securitytracker.com/id?1021913 External Source SECTRACK 1021913
http://www.vmware.com/security/advisories/VMSA-2009-0016.html External Source CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/1426 Vendor Advisory External Source VUPEN ADV-2009-1426
http://www.vupen.com/english/advisories/2009/3316 Vendor Advisory External Source VUPEN ADV-2009-3316
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5726 External Source OVAL oval:org.mitre.oval:def:5726
https://rhn.redhat.com/errata/RHSA-2009-1198.html External Source REDHAT RHSA-2009:1198

References to Check Content

Identifier:
oval:org.mitre.oval:def:5726
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5726

Technical Details

Vulnerability Type (View All)

Change History 3 change records found - show changes