Multiple vulnerabilities have been identified in Sun JRE, JDK and SDK, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, or take complete control of an affected system.
The first issue is caused by an unspecified error in the Java Runtime Environment, which may allow an untrusted Java Web Start application or Java applet to move or copy arbitrary files on the system that the application or applet runs on, by tricking a user to drag a file from the application or applet window to a desktop application that has permissions to accept and write files on the system.
The second vulnerability is caused by unspecified errors in Java Web Start, which could allow an untrusted application to determine the location of the Java Web Start cache, or read and write local files that are accessible to the user running the untrusted application.
The third issue is caused by unspecified errors in the Java Runtime Environment, which could be exploited by a malicious applet or web page to make network connections to network services on arbitrary systems.
Credits
Vulnerabilities reported by Peter Csepely, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, David Byrne and Billy Rios.
ChangeLog
2007-10-04 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
