CVE-2014-8873
OpenJDK - Remote Code Execution via JAR File MIME Type Handling
Title source: llmDescription
A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /etc/mailcap by mime-support, which allows remote attackers to execute arbitrary code via a JAR file.
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3235
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/76019
Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3316
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/07/18/2
Scores
EPSS
0.0454
EPSS Percentile
90.4%
Details
CWE
CWE-20
Status
published
Products (1)
oracle/openjdk
1.7.0
Published
Nov 09, 2015
Tracked Since
Feb 18, 2026