Java Runtime Environment AWT setDiffICM buffer overflow
Added: 11/27/2009
CVE: CVE-2009-3869
BID: 36881
OSVDB: 59710
Background
Java Runtime Environment (JRE) allows end users to run Java applications.
Problem
A buffer overflow vulnerability in the setDiffICM function of the Abstract Window Toolkit (AWT) allows command execution when a user loads a specially crafted web page.
Resolution
Apply the update referenced in Sun article 270474.
References
http://www.zerodayinitiative.com/advisories/ZDI-09-078/
Limitations
Exploit works on Java Runtime Environment 6 Update 16 and requires a user to open the exploit page in Firefox 2.0.x.
In order for the exploit to succeed, the security policy in JRE must allow access to classes in the sun.awt.image package. To configure JRE to allow access to classes in the sun.awt.image package, add the following lines to the Java policy file on the target system:
grant { permission java.lang.RuntimePermission "accessClassInPackage.sun.awt.image"; }
The Java policy file can be found at:
C:\Program Files\Java\jreX\lib\security\java.policy
where X is the JRE series, such as 5 or 6.
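A defensive check for the policy change described above, as an added example that is not part of the original advisory: this Python script scans the text of a java.policy file for grant entries that cover accessClassInPackage.sun.awt.image. It goes slightly beyond the text by also matching wildcard permission names and java.security.AllPermission; the function names and the sample policy are constructed for illustration.

```python
import re

# Permission the text above says must be granted for the exploit to succeed.
TARGET = "accessClassInPackage.sun.awt.image"

# Quoted strings are matched first so "//" or "/*" inside a URL is not a comment.
_LEX = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*', re.S)
# Header and body skip over quoted strings, which may hold "${...}" braces.
_GRANT = re.compile(r'\bgrant\b((?:"[^"]*"|[^{"])*)\{((?:"[^"]*"|[^}"])*)\}', re.I)
_PERM = re.compile(r'\bpermission\s+([\w.$]+)(?:\s+"([^"]*)")?', re.I)

def basic_implies(granted, wanted):
    """Name matching of java.security.BasicPermission: exact, "*" or "prefix.*"."""
    if granted in ("*", wanted):
        return True
    return (granted.endswith(".*") and len(wanted) >= len(granted)
            and wanted.startswith(granted[:-1]))

def audit_policy(text):
    """Return (scope, permission class, name) for every grant covering TARGET."""
    text = _LEX.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)
    findings = []
    for header, body in _GRANT.findall(text):
        scope = " ".join(header.split()) or "ALL CODE"  # no codeBase/signedBy
        for cls, name in _PERM.findall(body):
            if cls == "java.security.AllPermission" or (
                    cls == "java.lang.RuntimePermission"
                    and basic_implies(name, TARGET)):
                findings.append((scope, cls, name))
    return findings

# Constructed sample policy text (not taken from a real host).
SAMPLE = r'''
// constructed sample
grant codeBase "file:${{java.ext.dirs}}/*" {
    permission java.security.AllPermission;
};
/* grant { permission java.lang.RuntimePermission "accessClassInPackage.sun.awt.image"; } */
grant {
    permission java.util.PropertyPermission "java.version", "read";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.awt.image";
}
grant signedBy "ops" { permission java.lang.RuntimePermission "accessClassInPackage.sun.*"; };
'''

if __name__ == "__main__":
    for scope, cls, name in audit_policy(SAMPLE):
        print(f"{scope}: {cls} {name}")
```

An entry reported with the scope ALL CODE has no codeBase or signedBy restriction, so it applies to untrusted applets as well; that is the entry to look for and remove on a host that is not a test target.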
Platforms
Windows