CVE-2007-5375 Information

Description

Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context when an intranet web server has an HTML document that references a \mayscript=true\ Java applet through a local relative URI which may be associated with different IP addresses by the browser and the JVM.

Reference

http://crypto.stanford.edu/dns/dns-rebinding.pdf http://osvdb.org/40930