CVE-2007-2435 Information

Description

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

Reference

http://dev2dev.bea.com/pub/advisory/241
http://docs.info.apple.com/article.html?artnum=307177
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://osvdb.org/35483
http://secunia.com/advisories/25069
http://secunia.com/advisories/25283
http://secunia.com/advisories/25413
http://secunia.com/advisories/25474
http://secunia.com/advisories/25832
http://secunia.com/advisories/26311
http://secunia.com/advisories/26369
http://secunia.com/advisories/28115
http://secunia.com/advisories/29858
http://secunia.com/advisories/30780
http://security.gentoo.org/glsa/glsa-200706-08.xml
http://security.gentoo.org/glsa/glsa-200804-28.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1
http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm
http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
http://www.redhat.com/support/errata/RHSA-2007-0817.html
http://www.redhat.com/support/errata/RHSA-2007-0829.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/bid/23728
http://www.securitytracker.com/id?1017986
http://www.vupen.com/english/advisories/2007/1598
http://www.vupen.com/english/advisories/2007/1814
http://www.vupen.com/english/advisories/2007/4224
https://exchange.xforce.ibmcloud.com/vulnerabilities/33984
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999
