The BEA WebLogic JRockit 1.5.0_14 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.5.0_14 and are certified for the Java 5 Platform, Standard Edition, v1.5.0.

A flaw in the applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from. (CVE-2007-5232)

Untrusted Java Applets were able to drag and drop a file to a Desktop Application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files. (CVE-2007-5239)

The Java Runtime Environment (JRE) allowed untrusted Java Applets or applications to display oversized windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240)

Unsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5273)

Two vulnerabilities in the Java Runtime Environment allowed an untrusted application or applet to elevate the assigned privileges. This could be misused by a malicious website to read and write local files or execute local applications in the context of the user running the Java process. (CVE-2008-0657)

Those vulnerabilities concerned with applets can only be triggered in java-1.5.0-bea by calling the 'appletviewer' application.

All users of java-1.5.0-bea should upgrade to these updated packages, which contain the BEA WebLogic JRockit 1.5.0_14 release that resolves these issues.