Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2009-3867
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-05 Nov, 2009 | 16:30
Updated At-23 Apr, 2026 | 00:35

Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_1:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_10:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_11:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_12:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_13:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_14:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_15:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_16:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_17:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_18:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_19:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_2:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_20:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_21:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_3:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_4:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_5:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_6:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_7:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_8:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_9:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_1:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_8:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_9:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_21:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://java.sun.com/javase/6/webnotes/6u17.htmlcve@mitre.org
Vendor Advisory
http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.htmlcve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.htmlcve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=126566824131534&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=131593453929393&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=134254866602253&w=2cve@mitre.org
N/A
http://secunia.com/advisories/37231cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/37239cve@mitre.org
N/A
http://secunia.com/advisories/37386cve@mitre.org
N/A
http://secunia.com/advisories/37581cve@mitre.org
N/A
http://secunia.com/advisories/37841cve@mitre.org
N/A
http://security.gentoo.org/glsa/glsa-200911-02.xmlcve@mitre.org
N/A
http://securitytracker.com/id?1023132cve@mitre.org
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1cve@mitre.org
Patch
Vendor Advisory
http://support.apple.com/kb/HT3969cve@mitre.org
N/A
http://support.apple.com/kb/HT3970cve@mitre.org
N/A
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2009-1694.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/36881cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/3131cve@mitre.org
Patch
Vendor Advisory
http://zerodayinitiative.com/advisories/ZDI-09-076/cve@mitre.org
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11903cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6746cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7750cve@mitre.org
N/A
http://java.sun.com/javase/6/webnotes/6u17.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=126566824131534&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=131593453929393&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=134254866602253&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/37231af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/37239af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/37386af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/37581af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/37841af854a3a-2127-422b-91ae-364da2661108
N/A
http://security.gentoo.org/glsa/glsa-200911-02.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1023132af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://support.apple.com/kb/HT3969af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT3970af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2009-1694.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/36881af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2009/3131af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://zerodayinitiative.com/advisories/ZDI-09-076/af854a3a-2127-422b-91ae-364da2661108
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11903af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6746af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7750af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://java.sun.com/javase/6/webnotes/6u17.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=126566824131534&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=131593453929393&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134254866602253&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/37231
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/37239
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/37386
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/37581
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/37841
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200911-02.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1023132
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT3969
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3970
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1694.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/36881
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/3131
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://zerodayinitiative.com/advisories/ZDI-09-076/
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11903
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6746
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7750
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://java.sun.com/javase/6/webnotes/6u17.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=126566824131534&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=131593453929393&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134254866602253&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/37231
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/37239
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/37386
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/37581
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/37841
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200911-02.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1023132
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT3969
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3970
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1694.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/36881
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/3131
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://zerodayinitiative.com/advisories/ZDI-09-076/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11903
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6746
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7750
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found
Details not found