Definition

Integer and Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) "unpack200" JAR Unpacking Utility May Lead to Escalation of Privileges

oval:org.mitre.oval:def:6659

Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier and 6 Update 12 and earlier allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.

Family:

unix

Status:

ACCEPTED

Platform(s):

VMWare ESX Server 3.5
VMWare ESX Server 4.0

Class:

vulnerability

Reference(s):

CVE-2009-1096

Product(s):