TITLE: Java Web Start Sandbox Security Bypass Vulnerability SECUNIA ADVISORY ID: SA18762
VERIFY ADVISORY: http://secunia.com/advisories/18762/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Java Web Start 1.x http://secunia.com/product/1005/ Sun Java JDK 1.5.x http://secunia.com/product/4621/ Sun Java JRE 1.5.x / 5.x http://secunia.com/product/4228/ DESCRIPTION: A vulnerability has been reported in Java Web Start, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error, which may be exploited by a malicious, untrusted application to read and write local files. The vulnerability affects Java Web Start included in J2SE releases 5.0 Update 5 and prior 5.0 releases for Windows, Solaris, and Linux. SOLUTION: The vulnerability has been fixed in J2SE releases 5.0 Update 6 and later for Windows, Solaris, and Linux. http://java.sun.com/j2se/1.5.0/download.jsp ORIGINAL ADVISORY: Sun Microsystems: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102170-1 ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
