Unrated severityNVD Advisory· Published May 18, 2009· Updated Apr 23, 2026

CVE-2009-1672

Description

The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method.

Affected products

Sun Corporation/Jre
cpe:2.3:a:sun:jre:6:update_13:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/34931nvdExploit
www.shinnai.net/xplits/TXT_mhxRKrtrPLyAHRFNm7QR.htmlnvdExploitURL Repurposed
exchange.xforce.ibmcloud.com/vulnerabilities/50629nvd
www.exploit-db.com/exploits/8665nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000