« AMX VNC ActiveX Control Multiple Property Handling Command Execution Vulnerability
Fedora Security Update Fixes krb5 Multiple Remote Code Execution Vulnerabilities »

Sun Java Web Start Arbitrary File Overwrite and Command Execution Vulnerability

Published at June 29, 2007 in Vulnerabilities & Exploits.

Technical Description
 A vulnerability has been identified in Sun JDK, JRE and SDK, which could be exploited by attackers to bypass security checks and take complete control of an affected system. This issue is caused by an unspecified error in Java Web Start, which may allow an untrusted application to grant itself permissions to overwrite any file that is writable by the user running the application (including the ".java.policy" file) allowing the application to invoke applets or Java Web Start applications that can execute arbitrary code with the privileges of the user running the untrusted application. 

Affected Products 
Sun JDK version 5.0 Update 11 and prior Sun JRE version 5.0 Update 11 and prior Sun JRE version 1.4.2_13 and prior Sun SDK version 1.4.2_13 and prior 

Solution 
Upgrade to J2SE version 5.0 or 1.4.2 : 
http://java.sun.com/j2se/1.5.0/download.jsp 
http://java.sun.com/j2se/1.4.2/download.html

0 Responses to “Sun Java Web Start Arbitrary File Overwrite and Command Execution Vulnerability”

Feed for this Entry Trackback Address
  1. No Comments

Leave a Reply

« AMX VNC ActiveX Control Multiple Property Handling Command Execution Vulnerability
Fedora Security Update Fixes krb5 Multiple Remote Code Execution Vulnerabilities »