Vulnerability details: VCID-c5un-z1f5-wuhd
Vulnerability ID VCID-c5un-z1f5-wuhd
Aliases CVE-2009-3867
Summary Multiple vulnerabilities in the Sun JDK and JRE allow for several attacks, including the remote execution of arbitrary code.
Status Published
Exploitability 2.0
Weighted Severity 0.8
Risk 1.6
Affected and Fixed Packages Package Details
Weaknesses (1)
Data source Exploit-DB
Date added Oct. 29, 2009
Description Sun Java SE November 2009 - Multiple Vulnerabilities (2)
Ransomware campaign use Known
Source publication date Oct. 29, 2009
Exploit type remote
Platform multiple
Source update date Dec. 18, 2016
Source URL https://www.securityfocus.com/bid/36881/info
Data source Metasploit
Description This module exploits a flaw in the getSoundbank function in the Sun JVM. The payload is serialized and passed to the applet via PARAM tags. It must be a native payload. The affected Java versions are JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, and SDK and JRE 1.3.1_26 and earlier. NOTE: Although all of the above versions are reportedly vulnerable, only 1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.
Note
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
Ransomware campaign use Unknown
Source publication date Nov. 4, 2009
Platform OSX,Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/java_getsoundbank_bof.rb
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.99527
EPSS Score 0.89141
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:04:28.837885+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/200911-02 38.0.0