Java Web Start Bugs Let Remote Users Rename/Copy Files on the Target User's System
|
|
SecurityTracker Alert ID: 1018814
|
|
SecurityTracker URL: http://securitytracker.com/id?1018814
|
|
CVE Reference: CVE-2007-5239
(Links to External Site)
|
Date: Oct 12 2007
|
Impact: Modification of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Sun Alert
|
Version(s): 1.3.1_20 and prior, 1.4.2_15 and prior, 5.0 Update 12 and prior, 6 Update 2 and prior
|
Description: A vulnerability was reported in Java Web Start. A remote user can cause files to be renamed or copied on the target user's system.
A remote user can create a specially crafted application or applet that, when loaded by the target user, will copy or rename arbitrary
files when the target user performs a drag-and-drop operation from the application or applet window onto certain types of desktop
applications. File operations will occur with the privileges of the target user.
|
Impact: A remote user can create an application or applet that, when loaded by the target user and when the target user drags and drops from the application or applet to a desktop application, will rename or copy files on the target user's system.
|
Solution: Sun has issued the following fixes.
* JDK and JRE 6 Update 3 or later
* JDK and JRE 5.0 Update 13 or later
* SDK
and JRE 1.4.2_16 or later
This issue will be addressed in the following release (for Solaris 8 and Windows):
* SDK and
JRE 1.3.1_21 or later
JDK and JRE 6 Update 3 is available for download at the following links:
http://java.sun.com/javase/downloads/index.jsp
http://java.com
JDK 6 Update 3 for Solaris is available in the following patches:
* Java SE 6 update 3 (as delivered in patch 125136-04 or
later)
* Java SE 6 update 3 (as delivered in patch 125137-04 or later (64bit))
* Java SE 6_x86 update 3 (as delivered
in patch 125138-04 or later)
* Java SE 6_x86 update 3 (as delivered in patch 125139-04 or later (64bit))
JDK and JRE 5.0
Update 13 is available for download at the following link:
http://java.sun.com/javase/downloads/index_jdk5.jsp
JDK 5.0 Update
13 for Solaris is available in the following patches:
* J2SE 5.0 update 13 (as delivered in patch 118666-14)
* J2SE
5.0 update 13 (as delivered in patch 118667-14 (64bit))
* J2SE 5.0_x86 update 13 (as delivered in patch 118668-14)
* J2SE
5.0_x86 update 13 (as delivered in patch 118669-14 (64bit))
SDK and JRE 1.4.2 is available for download at:
http://java.sun.com/j2se/1.4.2/download.html
SDK
and JRE 1.3.1 for Solaris 8 is available for download at:
http://java.sun.com/j2se/1.3/download.html
The Sun advisory is available
at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1 (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Fri, 12 Oct 2007 10:57:41 -0400
Subject: An Untrusted Java Web Start Application or Java Applet May Move or Copy Arbitrary Files by Requesting the User to Drag and Drop a File from Application or Applet Window to a Desktop Application
|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1
CVE-2007-5239
|
|
