New Search

Java Web Start Bugs Let Remote Users Read/Write Files Execute Arbitrary Code and Establish Network Connections

oval:org.mitre.oval:def:5601

Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home (2) java.ext.dirs or (3) user.home System Properties aka "Java Web Start File Inclusion" and CR 6694892.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • VMWare ESX Server 3.5
Class:
vulnerability
Reference(s):
  • CVE-2008-2086
Product(s):