JRE Untrusted Application Privilege Escalation Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | November 04, 2009 | December 17, 2009 | November 24, 2015 |
Available Exploits 
Description
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions. This can potentially allow remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
References
Solution
jre-upgrade-latestRelated Vulnerabilities
- CESA-2009:1647: java-1.5.0-ibm security update
- Apple Java security update for CVE-2009-3872
- JRE Deployment Toolkit Vulnerability
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3871)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3867)
- JRE DER Decoding Denial of Service
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3871)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3866)
- SUSE Linux Security Vulnerability: CVE-2009-3868
- JRE Non-English Update Flaw
- JRE Audio and Image File Buffer and Integer Overflow Vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2009-3876
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3865)
- Apple Java security update for CVE-2009-3865
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3876)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3874)
- RHSA-2009:1584: java-1.6.0-openjdk security update
- Apple Java security update for CVE-2009-3875
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3868)
- Apple Java security update for CVE-2009-3877
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3873)
- SUSE Linux Security Vulnerability: CVE-2009-3874
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3875)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3869)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3867)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3864)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3877)
- SUSE Linux Security Vulnerability: CVE-2009-3865
- Apple Java security update for CVE-2009-3871
- SUSE Linux Security Vulnerability: CVE-2009-3875
- RHSA-2009:1571: java-1.5.0-sun security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3868)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3875)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3866)
- SUSE Linux Security Vulnerability: CVE-2009-3877
- CESA-2009:1571: java-1.5.0-sun security update
- RHSA-2009:1694: java-1.6.0-ibm security update
- CESA-2009:1560: java-1.6.0-sun security update
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3872)
- RHSA-2009:1560: java-1.6.0-sun security update
- CESA-2009:1584: java-1.6.0-openjdk security update
- SUSE Linux Security Vulnerability: CVE-2009-3871
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3872)
- RHSA-2009:1647: java-1.5.0-ibm security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3873)
- JRE Timing Attack
- SUSE Linux Security Vulnerability: CVE-2009-3873
- CESA-2009:1643: java-1.4.2-ibm security update
- Apple Java security update for CVE-2009-3873
- JRE Multiple Overflows
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3869)
- RHSA-2010:0043: Red Hat Network Satellite Server IBM Java Runtime security update
- Apple Java security update for CVE-2009-3874
- Apple Java security update for CVE-2009-3866
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3864)
- USN-859-1: OpenJDK vulnerabilities
- Apple Java security update for CVE-2009-3868
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3874)
- JRE HMAC Digest Flaw
- CESA-2010:0408: java-1.4.2-ibm security update
- RHSA-2009:1662: Red Hat Network Satellite Server Sun Java Runtime security update
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3876)
- SUSE Linux Security Vulnerability: CVE-2009-3866
- RHSA-2009:1551: java-1.4.2-ibm security update
- CESA-2009:1551: java-1.4.2-ibm security update
- RHSA-2010:0408: java-1.4.2-ibm security update
- SUSE Linux Security Vulnerability: CVE-2009-3864
- RHSA-2009:1643: java-1.4.2-ibm security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3865)
- Apple Java security update for CVE-2009-3867
- JRE Java Web Start JNLP Vulnerability
- SUSE Linux Security Vulnerability: CVE-2009-3869
- CESA-2009:1694: java-1.6.0-ibm security update
- SUSE Linux Security Vulnerability: CVE-2009-3867
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3877)
- SUSE Linux Security Vulnerability: CVE-2009-3872
- SUSE Linux Security Advisory: SUSE-SA:2009:058
- JRE DER Decoding and HTTP Header Denial of Service Vulnerability
- Apple Java security update for CVE-2009-3869