CVE-2007-5689 – java-jre: Applet Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-5689
The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves. La Máquina Virtual de java (JVM) de Sun Java Runtime Environment (JRE) de SDK y JRE 1.3.x hasta 1.3.1_20 y 1.4.x hasta 1.4.2_15, y JDK y JRE 5.x hata 5.0 Update 12 y 6.x hata 6 Update 2, permite a atacantes remotos ejecutar programas de su elección, o leer o modificar ficheros de su elección, mediante applets que conceden privilegios a si mismos. • http://dev2dev.bea.com/pub/advisory/272 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 http://osvdb.org/40834 http://secunia.com/advisories/27320 http://secunia.com/advisories/27693 http://secunia.com/advisories/29042 http://secunia.com/advisories/29858 http://secunia.com/advisories/30676 http://secunia.com/advisories/30780 http://security.gentoo.org/glsa/glsa-200804-28.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-103112-1 •
CVE-2007-5274 – Anti-DNS Pinning and Java Applets with Opera and Firefox
https://notcve.org/view.php?id=CVE-2007-5274
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. Sun Java Runtime Environment (JRE) en JDK y JRE versión 6 Update 2 y anteriores, JDK y JRE versión 5.0 Update 12 y anteriores, SDK y JRE versión 1.4.2_15 y anteriores, y SDK y JRE versión 1.3.1_20 y anteriores, cuando Firefox u Opera son usados, permite a los atacantes remotos violar el modelo de seguridad para las conexiones salientes de JavaScript por medio de un ataque de reconexión de DNS de múltiples pines dependiente de la API LiveConnect, en la que la descarga JavaScript depende de la resolución DNS del navegador, pero las operaciones socket de JavaScript se basan en una resolución DNS separada por una máquina virtual Java (JVM), un problema diferente al CVE-2007-5273. NOTA: este es igual al CVE-2007-5232. • http://crypto.stanford.edu/dns/dns-rebinding.pdf http://dev2dev.bea.com/pub/advisory/272 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/27206 http://secunia.com/advisories/27261 http://secunia.com/advisories/27693 http://secunia.com/advisories/27716 http://secunia.com/advisories/27804 http://secunia.com/advisories/28777 http://secunia.com/adviso •
CVE-2007-5019 – Sun jre1.6.0_X - isInstalled.dnsResolve Function Overflow
https://notcve.org/view.php?id=CVE-2007-5019
Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalled.dnsResolve) method. Desbordamiento de búfer en el control ActiveX Sun Java Web Start del Java Runtime Environment (JRE) 1.6.0_X permite a atacantes remotos tener un impacto desconocido a través del uso de un argumento largo en el método dnsResolve (isInstalled.dnsResolve) • https://www.exploit-db.com/exploits/4432 http://osvdb.org/38297 http://www.securityfocus.com/bid/25734 https://exchange.xforce.ibmcloud.com/vulnerabilities/36682 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4381 – Sun Java Runtime Environment 1.4.2 - Font Parsing Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-4381
Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. Vulnerabilidad no especificada en la implementación del parche fuente en Sun JDK and JRE 5.0 Update 9 y anteriores, y SDK y JRE 1.4.2_14 y anteriores, permite a atacantes remotos llevar a cabo acciones no autorizadas a través de un applet que gana ciertos privilegios por si mismo. • https://www.exploit-db.com/exploits/30502 http://dev2dev.bea.com/pub/advisory/248 http://docs.info.apple.com/article.html?artnum=307177 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/26402 http://secunia.com/advisories/26631 http://secunia.com/advisories/26933 http://secunia.com/advisories/27203 http://secunia.com/advisories/27716 http://secunia. •
CVE-2007-3922 – Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions
https://notcve.org/view.php?id=CVE-2007-3922
Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet. Vulnerabilidad no especificada en Java Runtime Environment (JRE) Applet Class Loader en Sun JDK y JRE 5.0 Update 11 y versiones anteriores , 6 hasta 6 Update 1, y SDK y JRE 1.4.2_14 y versiones anteriores, permite a atacantes remotos romper el modelo de seguridad en las conexiones salientes de un applet al conectarse a determinados servicios localhost ejecutándose en la máquina que cargó el applet. • http://dev2dev.bea.com/pub/advisory/248 http://docs.info.apple.com/article.html?artnum=307177 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://secunia.com/advisories/26314 http://secunia.com/advisories/26369 http://secunia.com/advisories/26631 http://secunia.com/advisories/26645 http://secunia.com/advisories/26933 http://secunia.com/advisories/27266 http://secunia.com •