NA
CVSSv3

CVE-2007-5236

CVSSv4: NA | CVSSv3: NA | CVSSv2: 5.4 | VMScore: 640 | EPSS: 0.00586 | KEV: Not Included
Published: 06/10/2007 Updated: 21/11/2024

Vulnerability Summary

Java Web Start in Sun JDK and JRE 5.0 Update 12 and previous versions, and SDK and JRE 1.4.2_15 and previous versions, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote malicious users to read local files via an untrusted application.

Vulnerable Product Search on Vulmon Subscribe to Product

sun jdk 1.5.0

sun jre 1.4.2

sun jre 1.4.2 1

sun jre 1.4.2 2

sun jre 1.4.2 3

sun jre 1.4.2 4

sun jre 1.4.2 5

sun jre 1.4.2 6

sun jre 1.4.2 7

sun jre 1.4.2 8

sun jre 1.4.2 9

sun jre 1.4.2 10

sun jre 1.4.2 11

sun jre 1.4.2 12

sun jre 1.4.2 13

sun jre 1.4.2 14

sun jre 1.4.2 15

sun jre 1.4.2 21

sun jre 1.5.0

sun sdk 1.4.2 03

sun sdk 1.4.2 08

sun sdk 1.4.2 09

sun sdk 1.4.2 10

sun sdk 1.4.2 11

sun sdk 1.4.2 12

sun sdk 1.4.2 13

sun sdk 1.4.2 14

sun sdk 1.4.2 15

References

CWE-264https://nvd.nist.govhttps://www.first.org/epsshttp://dev2dev.bea.com/pub/advisory/272http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.htmlhttp://secunia.com/advisories/27261http://secunia.com/advisories/27693http://secunia.com/advisories/27716http://secunia.com/advisories/28777http://secunia.com/advisories/29042http://secunia.com/advisories/29897http://secunia.com/advisories/30676http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.htmlhttp://www.novell.com/linux/security/advisories/2007_55_java.htmlhttp://www.securityfocus.com/bid/25920http://www.vmware.com/security/advisories/VMSA-2008-0010.htmlhttp://www.vupen.com/english/advisories/2007/3895http://www.vupen.com/english/advisories/2008/0609http://www.vupen.com/english/advisories/2008/1856/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/36946https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6115http://dev2dev.bea.com/pub/advisory/272http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.htmlhttp://secunia.com/advisories/27261http://secunia.com/advisories/27693http://secunia.com/advisories/27716http://secunia.com/advisories/28777http://secunia.com/advisories/29042http://secunia.com/advisories/29897http://secunia.com/advisories/30676http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.htmlhttp://www.novell.com/linux/security/advisories/2007_55_java.htmlhttp://www.securityfocus.com/bid/25920http://www.vmware.com/security/advisories/VMSA-2008-0010.htmlhttp://www.vupen.com/english/advisories/2007/3895http://www.vupen.com/english/advisories/2008/0609http://www.vupen.com/english/advisories/2008/1856/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/36946https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6115