CVSS: 10.0EPSS: 3%CPEs: 4EXPL: 0CVE-2007-2435 – javaws vulnerabilities
https://notcve.org/view.php?id=CVE-2007-2435
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files. Sun Java Web Start en JDK y JRE 5.0 hasta 10 y anteriores, y Java Web Start en SDK y JRE 1.4.2_13 y anteriores, permite a atacantes remotos realizar acciones no autorizadas a través de una aplicación que concede privilegios a si mismo, relacionado con "Uso incorrecto de sistemas de clases" y probablemente relacionado con el apoyo para ficheros JNLP. • http://dev2dev.bea.com/pub/advisory/241 http://docs.info.apple.com/article.html?artnum=307177 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://osvdb.org/35483 http://secunia.com/advisories/25069 http://secunia.com/advisories/25283 http://secunia.com/advisories/25413 http://secunia.com/advisories/25474 http://secunia.com/advisories/25832 http://secunia.com/advisories/26311 http://secunia.com/advisories/26369 http://secunia.com/advisories/28 • CWE-264: Permissions, Privileges, and Access Controls •