The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html
https://bugzilla.redhat.com/show_bug.cgi?id=677332
http://secunia.com/advisories/43350
http://security.gentoo.org/glsa/glsa-201406-32.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/65534
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117
http://www.debian.org/security/2011/dsa-2224
http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
Published: 2011-02-19
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: High