CVE-2007-2435

critical

Description

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

References

http://docs.info.apple.com/article.html?artnum=307177

http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

http://secunia.com/advisories/25069

http://secunia.com/advisories/25283

http://secunia.com/advisories/25413

http://secunia.com/advisories/25474

http://secunia.com/advisories/25832

http://secunia.com/advisories/26311

http://secunia.com/advisories/26369

http://secunia.com/advisories/28115

http://secunia.com/advisories/29858

http://secunia.com/advisories/30780

http://security.gentoo.org/glsa/glsa-200706-08.xml

http://security.gentoo.org/glsa/glsa-200804-28.xml

https://exchange.xforce.ibmcloud.com/vulnerabilities/33984

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1

http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm

http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml

http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml

http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml

http://www.redhat.com/support/errata/RHSA-2007-0817.html

http://www.redhat.com/support/errata/RHSA-2007-0829.html

http://www.redhat.com/support/errata/RHSA-2008-0261.html

http://www.securitytracker.com/id?1017986

http://www.vupen.com/english/advisories/2007/1598

http://www.vupen.com/english/advisories/2007/1814

http://www.vupen.com/english/advisories/2007/4224

Details

Source: Mitre, NVD

Published: 2007-05-02

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical