Unrated severityNVD Advisory· Published Aug 5, 2009· Updated Apr 23, 2026
CVE-2009-2676
CVE-2009-2676
Description
Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher.
Affected products
137cpe:2.3:a:sun:java_se:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sun:java_se:*:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_se:*:*:business:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*+ 32 more
- cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:*:update_14:*:*:*:*:*:*range: <=1.6.0
- cpe:2.3:a:sun:jdk:*:update19:*:*:*:*:*:*range: <=1.5.0
cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:*+ 66 more
- cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:*range: <=1.4.2_21
- cpe:2.3:a:sun:jre:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.0_01:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.0_02:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.0_03:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.0_04:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1:update1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1:update2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1:update3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1:update4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1:update5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1:update6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update16:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update17:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update18:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update19:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update20:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:*:update_14:*:*:*:*:*:*range: <=1.6.0
- cpe:2.3:a:sun:jre:*:update19:*:*:*:*:*:*range: <=1.5.0
cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*+ 34 more
- cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*range: <=1.4.2_21
- cpe:2.3:a:sun:sdk:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.0_01:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.0_02:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.0_03:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.0_04:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.1_01:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.1_02:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.1_03:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.1_04:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.1_05:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.1_06:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.1_07:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
23- sunsolve.sun.com/search/document.donvdPatch
- sunsolve.sun.com/search/document.donvdPatchVendor Advisory
- secunia.com/advisories/36176nvdVendor Advisory
- secunia.com/advisories/36199nvdVendor Advisory
- secunia.com/advisories/36248nvdVendor Advisory
- secunia.com/advisories/37300nvdVendor Advisory
- secunia.com/advisories/37386nvdVendor Advisory
- secunia.com/advisories/37460nvdVendor Advisory
- www.vupen.com/english/advisories/2009/3316nvdVendor Advisory
- www.us-cert.gov/cas/techalerts/TA09-294A.htmlnvdUS Government Resource
- lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.htmlnvd
- marc.infonvd
- osvdb.org/56789nvd
- security.gentoo.org/glsa/glsa-200911-02.xmlnvd
- www.oracle.com/technetwork/topics/security/cpuoct2009-096303.htmlnvd
- www.securityfocus.com/archive/1/507985/100/0/threadednvd
- www.securityfocus.com/bid/35946nvd
- www.securitytracker.com/idnvd
- www.vmware.com/security/advisories/VMSA-2009-0016.htmlnvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8453nvd
- rhn.redhat.com/errata/RHSA-2009-1199.htmlnvd
- rhn.redhat.com/errata/RHSA-2009-1200.htmlnvd
News mentions
0No linked articles in our index yet.