Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-5239

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.

Published

2007-10-06T00:17:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

4.9

Impact Score

4.9

Weaknesses
  • Type: Primary
    CWE-264
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application sun jdk 1.5.0 Yes
Application sun jdk 1.5.0 Yes
Application sun jdk 1.5.0 Yes
Application sun jdk 1.5.0 Yes
Application sun jdk 1.5.0 Yes
Application sun jdk 1.5.0 Yes
Application sun jdk 1.5.0 Yes
Application sun jdk 1.5.0 Yes
Application sun jdk 1.5.0 Yes
Application sun jdk 1.5.0 Yes
Application sun jdk 1.5.0 Yes
Application sun jdk 1.6.0 Yes
Application sun jdk 1.6.0 Yes
Application sun jre 1.3.0 Yes
Application sun jre 1.3.0 Yes
Application sun jre 1.3.1 Yes
Application sun jre 1.3.1 Yes
Application sun jre 1.3.1 Yes
Application sun jre 1.3.1 Yes
Application sun jre 1.3.1 Yes
Application sun jre 1.3.1 Yes
Application sun jre 1.4 Yes
Application sun jre 1.4.1 Yes
Application sun jre 1.4.2 Yes
Application sun jre 1.4.2_1 Yes
Application sun jre 1.4.2_3 Yes
Application sun jre 1.4.2_8 Yes
Application sun jre 1.4.2_9 Yes
Application sun jre 1.4.2_10 Yes
Application sun jre 1.4.2_11 Yes
Application sun jre 1.4.2_12 Yes
Application sun jre 1.4.2_13 Yes
Application sun jre 1.4.2_14 Yes
Application sun jre 1.4.2_15 Yes
Application sun jre 1.5.0 Yes
Application sun jre 1.5.0 Yes
Application sun jre 1.5.0 Yes
Application sun jre 1.5.0 Yes
Application sun jre 1.5.0 Yes
Application sun jre 1.5.0 Yes
Application sun jre 1.5.0 Yes
Application sun jre 1.5.0 Yes
Application sun jre 1.5.0 Yes
Application sun jre 1.5.0 Yes
Application sun jre 1.5.0 Yes
Application sun jre 1.5.0 Yes
Application sun jre 1.6.0 Yes
Application sun jre 1.6.0 Yes
Application sun sdk 1.3.1_01 Yes
Application sun sdk 1.3.1_01a Yes
Application sun sdk 1.3.1_16 Yes
Application sun sdk 1.3.1_18 Yes
Application sun sdk 1.3.1_19 Yes
Application sun sdk 1.3.1_20 Yes
Application sun sdk 1.4.2 Yes
Application sun sdk 1.4.2_03 Yes
Application sun sdk 1.4.2_08 Yes
Application sun sdk 1.4.2_09 Yes
Application sun sdk 1.4.2_10 Yes
Application sun sdk 1.4.2_11 Yes
Application sun sdk 1.4.2_12 Yes
Application sun sdk 1.4.2_13 Yes
Application sun sdk 1.4.2_14 Yes
Application sun sdk 1.4.2_15 Yes
References