Description
The following vulnerabilities affect the Java Runtime Environment (JRE)
6 update 10 and earlier, 5.0 update 16 and earlier, 1.4.2_18 and
earlier as well as 1.3.1_23 and earlier:
- Untrusted Java Web Start applications could make network
connections to hosts other than the host the application is
downloaded from.
- Untrusted Java Web Start applications could escalate privileges
and gain read, write and execute access to the local
filesystem.
- Untrusted operations performed in Java Web Start could
allow system properties to be modified.
- Untrusted Java Web Start applications could determine the
location of the Java Web Start cache as well as the username of the
user running the application.
- Java Plug-in may allow hidden code on a host to make network
connections and hijack HTTP sessions using cookies stored in the
browser.
- JRE with applet classloading may allow untrusted applets to
arbitrarily read files on the system and make network connections
to outside hosts.
- Java Web Start BasicService allows untrusted applications
downloaded from another system to request local files.