
925 matches found

NVD
added 2007/10/06 12:17 a.m. | 11 views

CVE-2007-5239

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attacke...

CVSS 4 | AI score 6.3 | EPSS 0.0164
Exploits 0 | References 36
NVD
added 2007/10/06 12:17 a.m. | 16 views

CVE-2007-5236

Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application...

CVSS 5.4 | AI score 6.3 | EPSS 0.01054
Exploits 0 | References 20
Prion
added 2007/10/06 12:17 a.m. | 17 views

Design/Logic Flaw

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information the Java Web...

CVSS 2.6 | AI score 5.9 | EPSS 0.01049
Exploits 0 | References 33 | Affected Software 3
Cvelist
added 2007/10/06 12:0 a.m. | 18 views

CVE-2007-5237

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities."...

AI score 6.1 | EPSS 0.01066
Exploits 0 | References 21
CVE
added 2007/10/06 12:0 a.m. | 58 views

CVE-2007-5239

The CVE-2007-5239 issue affects Sun Java Web Start / JRE components. Affected products include JDK/JRE 6 Update 2 and earlier, JDK/JRE 5.0 Update 12 and earlier, J2SE 1.4.2_15 and earlier, and J2SE 1.3.1_20 and earlier. The root cause is that Java Web Start/applets do not properly enforce access ...

CVSS 4 | AI score 6.2 | EPSS 0.0164
Exploits 0 | References 36 | Affected Software 3
Cvelist
added 2007/10/06 12:0 a.m. | 23 views

CVE-2007-5238

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information the Java Web...

AI score 5.8 | EPSS 0.01049
Exploits 0 | References 33
NVD
added 2007/09/20 9:17 p.m. | 21 views

CVE-2007-5019

Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalled.dnsResolve) method...

CVSS 10 | AI score 6.9 | EPSS 0.10464
Exploits 1 | References 4
RedHat Linux
added 2007/08/07 7:36 p.m. | 4 views

javaws vulnerabilities

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to...

CVSS 10 | AI score 5.9 | EPSS 0.04707
Exploits 0 | References 4
RedHat Linux
added 2007/08/07 7:36 p.m. | 4 views

A buffer overflow vulnerability in Java Web Start URL parsing code

Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file...

CVSS 6.8 | AI score 6.4 | EPSS 0.62246
Exploits 2 | References 4
RedHat Linux
added 2007/08/06 4:0 p.m. | 2 views

javaws vulnerabilities

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to...

CVSS 10 | AI score 5.9 | EPSS 0.04707
Exploits 0 | References 4
RedHat Linux
added 2007/08/06 3:55 p.m. | 2 views

A buffer overflow vulnerability in Java Web Start URL parsing code

Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file...

CVSS 6.8 | AI score 6.4 | EPSS 0.62246
Exploits 2 | References 4
Packet Storm
added 2007/07/11 12:0 a.m. | 24 views

jnlp-overflow.txt

'----------------------------------------------------------------------------------------------- ' Java Web Start Buffer Overflow POC Exploit ' ' FileName: JavaWebStartPOC.VBS ' Contact: ZhenHan.Liuph4nt0m.org ' Date: 2007-07-10 ' Team: http://www.ph4nt0m.org ' Enviroment: Tested on JRE 1.6,...

AI score 7.4
Exploits 0
UbuntuCve
added 2007/07/10 7:30 p.m. | 23 views

CVE-2007-3655

Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file...

CVSS 6.8 | AI score 6.5 | EPSS 0.62246
Exploits 2 | References 1
NVD
added 2007/07/10 7:30 p.m. | 15 views

CVE-2007-3655

Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file...

CVSS 6.8 | AI score 7.8 | EPSS 0.62246
Exploits 2 | References 29
Cvelist
added 2007/07/10 7:0 p.m. | 23 views

CVE-2007-3655

Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file...

AI score 7.7 | EPSS 0.62246
Exploits 2 | References 29
CVE
added 2007/07/10 7:0 p.m. | 184 views

CVE-2007-3655

CVE-2007-3655 is a stack-based buffer overflow in javaws.exe (Sun Java Web Start) within JRE 5.0 Update 11 and earlier and 6.0 Update 1 and earlier. An attacker could remotely exploit a long codebase attribute in a JNLP file to execute arbitrary code. Red Hat advisories indicate this CVE was addr...

CVSS 6.8 | AI score 7.6 | EPSS 0.62246
Exploits 2 | References 29 | Affected Software 1
exploitpack
added 2007/07/09 12:0 a.m. | 18 views

Sun Java Runtime Environment 1.6 - Web Start .JNLP File Stack Buffer Overflow

Sun Java Runtime Environment 1.6 - Web Start .JNLP File Stack Buffer Overflow source: https://www.securityfocus.com/bid/24832/info Sun Java Runtime Environment is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it...

AI score 0.5
Exploits 0
securityvulns
added 2007/07/03 12:0 a.m. | 45 views

High Risk Flaw in Sun's Java Web Start

John Heasman of NGSSoftware has discovered a high risk vulnerability in Sun Microsystem's Java Web Start that ships with the JRE and JDK on Windows platforms. The vulnerability affects the following version of Java Web Start: Java Web Start in JDK and JRE 5.0 Update 11 and earlier Java Web Start ...

AI score 6.8
Exploits 0
seebug.org
added 2007/07/03 12:0 a.m. | 19 views

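Sun Java Web Start Arbitrary File Overwrite Privilege Escalation Vulnerability

BUGTRAQ ID: 24695 Java Web Start is a technology for simplifying the deployment of Java applications on the client. Java Web Start has a vulnerability in the way it handles application access permissions, which an attacker may exploit to escalate privileges. A security flaw in Java Web Start allows an untrusted application to grant itself permission to overwrite any file writable by the user running the application, including the user's .java.policy file, which allows the application to invoke an applet or Java Web Start application and execute arbitrary commands with the privileges of the user running the untrusted application. Sun JDK = 5.0 Update 11 Sun JRE = 5.0 Update 11 Sun JRE...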

AI score 6.8
Exploits 0
securityvulns
added 2007/07/03 12:0 a.m. | 20 views

Java Web Start directory traversal

Directory traversal allows bypassing the sandbox environment...

AI score 4.2
Exploits 0 | References 1 | Affected Software 2