EUVD-2009-1667

Malware in sbrugna...

java-1.6.0-sun: Privilege escalation in the Java Web Start Installer (6872824)

The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an...

Security feature bypass

The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment aka JRE 6 Update 13 allows remote attackers to 1 execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes v...

PT-2009-4156 · Sun · Sun Java Runtime Environment

Name of the Vulnerable Software and Affected Versions: Sun Java SE Runtime Environment JRE 6 Update 13 Description: The issue allows remote attackers to execute arbitrary code via a .jnlp URL in the argument to the launch method. Additionally, it might allow remote attackers to launch JRE...