VYPR
Unrated severityNVD Advisory· Published Nov 5, 2009· Updated Jun 16, 2026

CVE-2009-3866

CVE-2009-3866

Description

The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

32
  • Sun Corporation/Jdk15 versions
    cpe:2.3:a:sun:jdk:1.6.0:update_1:*:*:*:*:*:*+ 14 more
    • cpe:2.3:a:sun:jdk:1.6.0:update_1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_8:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_9:*:*:*:*:*:*
  • Sun Corporation/Jre16 versions
    cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*+ 15 more
    • cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*
  • Range: <6u17

Patches

Vulnerability mechanics

References

19

News mentions

0

No linked articles in our index yet.