CyberSec.Space Logo
Back to CVE Browser

CVE-2009-1095

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1280%
EPSS Percentile6.84th
PublishedMar 25, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.

Affected Platforms (CPE)

πŸ“¦
Sun

Jdk

<= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jdk

= 1.5.0
πŸ“¦
Sun

Jre

<= 1.5.0
πŸ“¦
Sun

Jre

= 1.5.0
πŸ“¦
Sun

Jre

= 1.5.0
πŸ“¦
Sun

Jre

= 1.5.0
πŸ“¦
Sun

Jre

= 1.5.0
πŸ“¦
Sun

Jre

= 1.5.0
πŸ“¦
Sun

Jre

= 1.5.0
πŸ“¦
Sun

Jre

= 1.5.0
πŸ“¦
Sun

Jre

= 1.5.0
πŸ“¦
Sun

Jre

= 1.5.0
πŸ“¦
Sun

Jre

= 1.5.0
πŸ“¦
Sun

Jre

= 1.5.0
πŸ“¦
Sun

Jre

= 1.5.0
πŸ“¦
Sun

Jre

= 1.5.0
πŸ“¦
Sun

Jre

= 1.5.0
πŸ“¦
Sun

Jre

= 1.5.0
πŸ“¦
Sun

Jre

= 1.5.0
πŸ“¦
Sun

Jre

= 1.5.0
πŸ“¦
Sun

Jdk

<= 1.6.0
πŸ“¦
Sun

Jdk

= 1.6.0
πŸ“¦
Sun

Jdk

= 1.6.0
πŸ“¦
Sun

Jdk

= 1.6.0
πŸ“¦
Sun

Jdk

= 1.6.0
πŸ“¦
Sun

Jdk

= 1.6.0
πŸ“¦
Sun

Jdk

= 1.6.0
πŸ“¦
Sun

Jdk

= 1.6.0
πŸ“¦
Sun

Jdk

= 1.6.0
πŸ“¦
Sun

Jdk

= 1.6.0
πŸ“¦
Sun

Jdk

= 1.6.0
πŸ“¦
Sun

Jdk

= 1.6.0
πŸ“¦
Sun

Jre

<= 1.6.0
πŸ“¦
Sun

Jre

= 1.6.0
πŸ“¦
Sun

Jre

= 1.6.0
πŸ“¦
Sun

Jre

= 1.6.0
πŸ“¦
Sun

Jre

= 1.6.0
πŸ“¦
Sun

Jre

= 1.6.0
πŸ“¦
Sun

Jre

= 1.6.0
πŸ“¦
Sun

Jre

= 1.6.0
πŸ“¦
Sun

Jre

= 1.6.0
πŸ“¦
Sun

Jre

= 1.6.0
πŸ“¦
Sun

Jre

= 1.6.0

References & Advisories

πŸ”— http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=781
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
πŸ”— http://marc.info/?l=bugtraq&m=124344236532162&w=2
πŸ”— http://secunia.com/advisories/34489

Related Vulnerabilities

CVE-2007-243510.0

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote...

CVE-2008-535310.0

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and...

CVE-2004-025310.0

IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to execute arbitrary programs or cause a denial of service via cer...

CVE-2008-535510.0

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 1...