Description
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.
References (31)
Core 31
Core References
Vendor Advisory x_refsource_misc
http://docs.info.apple.com/article.html?artnum=307177
Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/241
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23728
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1814
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26311
Vendor Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25283
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/35483
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1598
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26369
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25413
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200804-28.xml
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29858
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0817.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25832
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4224
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200706-08.xml
Patch, Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33984
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30780
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1017986
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25069
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28115
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0261.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25474
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0829.html
Scores
EPSS
0.0471
EPSS Percentile
89.5%
Details
CWE
CWE-264
Status
published
Products (4)
sun/java_enterprise_system
< 5.0
sun/jre
< 1.4.2
sun/jre
< 1.5.0
sun/sdk
< 1.4.3_13
Published
May 02, 2007
Tracked Since
Feb 18, 2026