CVE-2009-1672 Information

Description

The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method and might allow remote attackers to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method.

Reference

http://www.securityfocus.com/bid/34931 http://www.shinnai.net/xplits/TXT_mhxRKrtrPLyAHRFNm7QR.html https://exchange.xforce.ibmcloud.com/vulnerabilities/50629 https://www.exploit-db.com/exploits/8665