CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Sun Java Web Start is vulnerable to privilege escalation. An integer overflow flaw was found in the way the JRE processes JPEG images. An untrusted application could use this flaw to extend its privileges, allowing it to read and write local files and to execute local applications with the privileges of the user running the application.
blogs.sun.com/security/entry/advance_notification_of_security_updates5
lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
marc.info/?l=bugtraq&m=125787273209737&w=2
secunia.com/advisories/36162
secunia.com/advisories/36176
secunia.com/advisories/36180
secunia.com/advisories/36248
secunia.com/advisories/37300
secunia.com/advisories/37386
security.gentoo.org/glsa/glsa-200911-02.xml
sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
sunsolve.sun.com/search/document.do?assetkey=1-66-263428-1
www.mandriva.com/security/advisories?name=MDVSA-2009:209
www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
www.redhat.com/security/updates/classification/#important
www.us-cert.gov/cas/techalerts/TA09-294A.html
www.vupen.com/english/advisories/2009/2543
www.zerodayinitiative.com/advisories/ZDI-09-050/
access.redhat.com/errata/RHSA-2009:1201
exchange.xforce.ibmcloud.com/vulnerabilities/52339
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10073
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8073
rhn.redhat.com/errata/RHSA-2009-1200.html
rhn.redhat.com/errata/RHSA-2009-1201.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html