CVE-2007-2435

HIGH

Description

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

References

http://dev2dev.bea.com/pub/advisory/241

http://docs.info.apple.com/article.html?artnum=307177

http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

http://osvdb.org/35483

http://secunia.com/advisories/25069

http://secunia.com/advisories/25283

http://secunia.com/advisories/25413

http://secunia.com/advisories/25474

http://secunia.com/advisories/25832

http://secunia.com/advisories/26311

http://secunia.com/advisories/26369

http://secunia.com/advisories/28115

http://secunia.com/advisories/29858

http://secunia.com/advisories/30780

http://security.gentoo.org/glsa/glsa-200706-08.xml

http://security.gentoo.org/glsa/glsa-200804-28.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1

http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm

http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml

http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml

http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml

http://www.redhat.com/support/errata/RHSA-2007-0817.html

http://www.redhat.com/support/errata/RHSA-2007-0829.html

http://www.redhat.com/support/errata/RHSA-2008-0261.html

http://www.securityfocus.com/bid/23728

http://www.securitytracker.com/id?1017986

http://www.vupen.com/english/advisories/2007/1598

http://www.vupen.com/english/advisories/2007/1814

http://www.vupen.com/english/advisories/2007/4224

https://exchange.xforce.ibmcloud.com/vulnerabilities/33984

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999

Details

Source: MITRE

Published: 2007-05-02

Updated: 2017-10-11

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 10

Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Impact Score: 10

Exploitability Score: 10

Severity: HIGH