Java Web start vulnerability

2008.11.05

Credit: varun srivastav gmail com

Risk: High

Local: No

Remote: Yes

CVE: CVE-2008-4910

CWE: NVD-CWE-noinfo

Ogólna skala CVSS: 10/10

Znaczenie: 10/10

Łatwość wykorzystania: 10/10

Wymagany dostęp: Zdalny

Złożoność ataku: Niska

Autoryzacja: Nie wymagana

Wpływ na poufność: Pełny

Wpływ na integralność: Pełny

Wpływ na dostępność: Pełny

Hi,
There is vulnerability in Java Web Start. Already there is some vulnerability posted for persistenceservice service of java web start. But in Basicservice also we can run any file on the client using showDocument method. Just give the URL of file on client computer. If the browser has software attached to run that filetype it will be run automatically without user knowledge.
Regards
Varun Srivastava

Referencje:

http://xforce.iss.net/xforce/xfdb/46119

http://www.securityfocus.com/bid/31916

http://www.securityfocus.com/archive/1/archive/1/497972/100/0/threaded

http://www.securityfocus.com/archive/1/archive/1/497799/100/0/threaded

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Java Web start vulnerability

Referencje:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.