Vulnerability Details : CVE-2009-3885
Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote attackers to cause a denial of service via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file, probably a related issue to CVE-2007-2789, aka Bug Id 6632445.
Vulnerability category: Denial of service
Products affected by CVE-2009-3885
- cpe:2.3:a:sun:jre:*:update_21:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0_0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0_10:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-3885
1.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-3885
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
References for CVE-2009-3885
-
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
Oracle Java Technologies | Oracle
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
mandriva.com
-
http://java.sun.com/javase/6/webnotes/6u17.html
Java SE 6 Update 17 Release Notes
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7094
-
https://bugzilla.redhat.com/show_bug.cgi?id=530114
Jump to