|
|
CVE Reference: CVE-2007-3504 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-3504 |
|
|
Description: Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/35169 SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102957-1 ST 1018328 SAID Secunia Advisory: SA25823 Secunia Advisory: SA28115 MISC http://docs.info.apple.com/article.html?artnum=307177 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/472673/100/0/threaded BID 24695 APPLE http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html |
|
| Return to the previous page. |
