CVE-2009-1671 Information

Description

Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType (2) setAdditionalPackages (3) compareVersion (4) getStaticCLSID or (5) launch method.

Reference

http://www.securityfocus.com/bid/34931 http://www.shinnai.net/xplits/TXT_mhxRKrtrPLyAHRFNm7QR.html https://www.exploit-db.com/exploits/8665