fkie_cve-2007-5239
Vulnerability from fkie_nvd
Published
2007-10-06 00:17
Modified
2024-11-21 00:37
Severity ?
Summary
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.
References
cve@mitre.orghttp://dev2dev.bea.com/pub/advisory/272
cve@mitre.orghttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
cve@mitre.orghttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
cve@mitre.orghttp://secunia.com/advisories/27206
cve@mitre.orghttp://secunia.com/advisories/27261
cve@mitre.orghttp://secunia.com/advisories/27693
cve@mitre.orghttp://secunia.com/advisories/27716
cve@mitre.orghttp://secunia.com/advisories/27804
cve@mitre.orghttp://secunia.com/advisories/28777
cve@mitre.orghttp://secunia.com/advisories/28880
cve@mitre.orghttp://secunia.com/advisories/29042
cve@mitre.orghttp://secunia.com/advisories/29214
cve@mitre.orghttp://secunia.com/advisories/29340
cve@mitre.orghttp://secunia.com/advisories/29858
cve@mitre.orghttp://secunia.com/advisories/29897
cve@mitre.orghttp://secunia.com/advisories/30676
cve@mitre.orghttp://secunia.com/advisories/30780
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200804-28.xml
cve@mitre.orghttp://securitytracker.com/id?1018814
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1Patch
cve@mitre.orghttp://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2007_55_java.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2007-0963.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2007-1041.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2008-0100.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2008-0132.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2008-0156.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/482926/100/0/threaded
cve@mitre.orghttp://www.vmware.com/security/advisories/VMSA-2008-0010.html
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3895
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0609
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/1856/references
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/36950
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8758
af854a3a-2127-422b-91ae-364da2661108http://dev2dev.bea.com/pub/advisory/272
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27206
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27261
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27693
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27716
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27804
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28777
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28880
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29042
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29214
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29340
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29858
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29897
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30676
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30780
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200804-28.xml
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1018814
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1Patch
af854a3a-2127-422b-91ae-364da2661108http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_55_java.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0963.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-1041.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0100.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0132.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0156.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/482926/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2008-0010.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3895
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0609
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1856/references
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/36950
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8758
Impacted products
Vendor Product Version
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jre 1.3.0
sun jre 1.3.0
sun jre 1.3.1
sun jre 1.3.1
sun jre 1.3.1
sun jre 1.3.1
sun jre 1.3.1
sun jre 1.3.1
sun jre 1.4
sun jre 1.4.1
sun jre 1.4.2
sun jre 1.4.2_1
sun jre 1.4.2_3
sun jre 1.4.2_8
sun jre 1.4.2_9
sun jre 1.4.2_10
sun jre 1.4.2_11
sun jre 1.4.2_12
sun jre 1.4.2_13
sun jre 1.4.2_14
sun jre 1.4.2_15
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.6.0
sun jre 1.6.0
sun sdk 1.3.1_01
sun sdk 1.3.1_01a
sun sdk 1.3.1_16
sun sdk 1.3.1_18
sun sdk 1.3.1_19
sun sdk 1.3.1_20
sun sdk 1.4.2
sun sdk 1.4.2_03
sun sdk 1.4.2_08
sun sdk 1.4.2_09
sun sdk 1.4.2_10
sun sdk 1.4.2_11
sun sdk 1.4.2_12
sun sdk 1.4.2_13
sun sdk 1.4.2_14
sun sdk 1.4.2_15


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "EE8E883F-E13D-4FB0-8C6F-B7628600E8D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "2AADA633-EB11-49A0-8E40-66589034F03E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*",
              "matchCriteriaId": "19DC29C5-1B9F-46DF-ACF6-3FF93E45777D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*",
              "matchCriteriaId": "B120F7D9-7C1E-4716-B2FA-2990D449F754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "28BE548B-DD0C-4C58-98CA-5B803F04F9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "5F8E9AA0-8907-4B1A-86A1-08568195217D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "A337AD31-4566-4A4E-AFF3-7EAECD5C90F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "0754AFDC-2F1C-4C06-AB46-457B5E610029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "DC0ABF7A-107B-4B97-9BD7-7B0CEDAAF359",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*",
              "matchCriteriaId": "A5DA4242-30D9-44C8-9D0D-877348FFA22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*",
              "matchCriteriaId": "C61C6043-99D0-4F36-AF84-1A5F90B895EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "AD30DAEB-4893-41CF-A455-B69C463B9337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "B8F93BBE-1E8C-4EB3-BCC7-20AB2D813F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAB87D43-2860-43DD-94EE-886D7D75A351",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "A06743B3-2637-47C2-BD1A-28D9F584ED75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.1:update1:*:*:*:*:*:*",
              "matchCriteriaId": "F7F1CF2B-F0B6-45DD-88E1-C0BDF2B973BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.1:update16:*:*:*:*:*:*",
              "matchCriteriaId": "FD3AC618-7B66-4167-ABE5-87BE6907FB5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.1:update18:*:*:*:*:*:*",
              "matchCriteriaId": "2B0EAF17-18D3-45F2-9B6F-66BEC0F49FB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.1:update19:*:*:*:*:*:*",
              "matchCriteriaId": "5F861B32-B878-4DFC-A9D1-350B1013AA1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.1:update1a:*:*:*:*:*:*",
              "matchCriteriaId": "04FB9247-7DB5-46A1-9E99-C25A729FB5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.1:update20:*:*:*:*:*:*",
              "matchCriteriaId": "5A469586-4106-48BB-BF92-8FFDC8AA4C44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D73559DD-54B4-4DF2-81BC-9109DB29DCCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.1:update3:*:*:*:*:*:*",
              "matchCriteriaId": "58FC43CA-1F08-4A4B-838B-840838BC67FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63978872-E797-4F13-B0F9-98CB67D0962A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EEAB662-644A-4D7B-8237-64142CF48724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BED1009E-AE60-43A0-A0F5-38526EFCF423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D102063B-2434-4141-98E7-2DE501AE1728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B8CD03-CD31-4F4D-BA90-59435578A4F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*",
              "matchCriteriaId": "41A994BF-1F64-480A-8AA5-748DDD0AB68C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*",
              "matchCriteriaId": "88519F2D-AD06-4F05-BEDA-A09216F1B481",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC728978-368D-4B36-B149-70473E92BD1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD5187B1-CB86-48E8-A595-9FCFD9822C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C660DE4-543A-4E9B-825D-CD099D08CBD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*",
              "matchCriteriaId": "98C1942E-16C0-4EB2-AB57-43EC6EC9C3A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC09E8-7F30-4FE4-912E-588AA250E2A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "A586DE4E-8A46-41DE-9FDB-5FDB81DCC87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*",
              "matchCriteriaId": "9919D091-73D7-465A-80FF-F37D6CAF9F46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*",
              "matchCriteriaId": "02565D6F-4CB2-4671-A4EF-3169BCFA6154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7EA5B9E9-654D-44F7-AE98-3D8B382804AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "44051CFE-D15D-4416-A123-F3E49C67A9E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "F296ACF3-1373-429D-B991-8B5BA704A7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "B863420B-DE16-416A-9640-1A1340A9B855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*",
              "matchCriteriaId": "724C972F-74FE-4044-BBC4-7E0E61FC9002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "46F41C15-0EF4-4115-BFAA-EEAD56FAEEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*",
              "matchCriteriaId": "EBE909DE-E55A-4BD3-A5BF-ADE407432193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*",
              "matchCriteriaId": "5DAC04D2-68FD-4793-A8E7-4690A543D7D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "09027C19-D442-446F-B7A8-21DB6787CF43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "7158D2C0-E9AC-4CD6-B777-EA7B7A181997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*",
              "matchCriteriaId": "34710306-D6CF-4D07-84BF-71A8839BE416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*",
              "matchCriteriaId": "44B93DC8-6375-4B41-B9BC-F22F592C56B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*",
              "matchCriteriaId": "A053DEF6-1317-4DA8-91D7-E1970DA62351",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB0605FF-3DDC-4F3A-8171-F3A447E9C292",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*",
              "matchCriteriaId": "801FF3B4-0729-4710-BFC2-4B078029944F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB8591E-3D6E-489B-B0D6-CEBB9D09EA68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "002CA86D-3090-4C7A-947A-21CB5D1ADD98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*",
              "matchCriteriaId": "37A3D49A-BE20-47BF-A85F-122357BAB098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD02EBDF-6E51-4538-9EDD-B1DE914D09C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*",
              "matchCriteriaId": "53C3C0E3-5F40-412B-A4AD-A7A291DE2A08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*",
              "matchCriteriaId": "36888382-79C8-4C97-A654-C668CD68556F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*",
              "matchCriteriaId": "F34C99E6-F9F0-4EF3-8601-B47EAE3D7273",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A74DD08D-CEDB-460E-BED5-78F6CAF18BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E60560EC-6DBD-4A17-BFFA-FAD9193A0BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4F64FBC-DC97-4FE3-A235-18B87945AF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*",
              "matchCriteriaId": "85048406-9051-4E69-94A8-5C449F3B89E7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications."
    },
    {
      "lang": "es",
      "value": "Java Web Start en Sun JDK y JRE 6 Update 2 y anteriores, JDK y JRE 5.0 Update 12 y anteriores, SDK y JRE 1.4.2_15 y anteriores, y SDK y JRE 1.3.1_20 y anteriores no hace valer de forma adecuada las restricciones de acceso en (1) aplicaciones no v\u00e1lidas y (2) applets. lo cual permite a atacantes remotos con la intervenci\u00f3n de un usuario copiar o renombrar archivos de su elecci\u00f3n cuando los usuarios locales realizan operaciones arrastrar-y-soltar desde la aplicaci\u00f3n no v\u00e1lida o el applet de la ventana dentro de ciertos tipos de aplicaciones escritorio."
    }
  ],
  "id": "CVE-2007-5239",
  "lastModified": "2024-11-21T00:37:27.163",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-10-06T00:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://dev2dev.bea.com/pub/advisory/272"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27206"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27261"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27693"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27716"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27804"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28777"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28880"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29042"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29214"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29340"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29858"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29897"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30676"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30780"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1018814"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3895"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0609"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1856/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36950"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dev2dev.bea.com/pub/advisory/272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29340"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1856/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8758"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.