FILE-JAVA -- Snort has detected traffic targeting vulnerabilities that are exploited in java files such as .class or .jar.
FILE-JAVA Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt
Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow. Impact: CVSS base score 7.5 CVSS impact score 6.4 CVSS exploitability score 10.0 confidentialityImpact PARTIAL integrityImpact PARTIAL availabilityImpact PARTIAL Details: Ease of Attack:
No information provided
No public information
No known false positives
Talos research team. This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology. For more information see [nvd].
No rule groups
CVE-2009-1099 |
Loading description
|
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
