Published:2007/05/08  Last Updated:2011/10/21

JVN#44724673
Java Web Start vulnerable to execution of unauthorized system classes
Critical

Overview

Java Web Start, included in the JRE (Java Runtime Environment) from Sun Microsystems and other products, contains a vulnerability allowing unauthorized execution of system classes.

Products Affected

  • SDK 1.4.2 Update 13 and earlier
  • JDK 5 Update 10 and earlier
  • JRE 1.4.2 Update 13 and earlier
  • JRE 5 Update 10 and earlier
For more information, refer to the vendor's website.

Description

Java Web Start, included in the JRE (Java Runtime Environment) and other products, is a tool for distributing Java applications over the web. A vulnerability exists in an implementation of Java Web Start which may allow Java Web Start Application including a malformed JAR file to execute an unauthorized system class.

Impact

An arbitrary command or code may be executed or files on a user's computer may be overwritten, with the privilege of the user running the application.

Solution

Update the Software
Update to the fixed version from the vendor.

Vendor Status

Vendor Status Last Update Vendor Notes
Allied Telesis K.K. vulnerable 2008/05/21
NEC Corporation vulnerable 2011/10/20
Vendor Link
Sun Sun Alert#102881 Security Vulnerability With Java Web Start Related to Incorrect Use of System Classes

References

JPCERT/CC Addendum

The SunAlert does not mention about JDK(JRE)6 series. We have been informed from Sun Microsystems that this vulnerability has been addressed in JRE 6 b98 beta.

Vulnerability Analysis by JPCERT/CC

Analyzed on 2007.05.08  Critical

Measures Conditions Severity
Access Required can be attacked over the Internet using packets
  • High
Authentication anonymous or no authentication (IP addresses do not count)
  • High
User Interaction Required the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file
  • Mid
Exploit Complexity some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls)
  • Mid-High

Description of each analysis measures

Credit

Hisashi Kojima of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert JPCERT-AT-2007-0011
JPCERT Reports JPCERT-WR-2007-1701
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2007-2435
JVN iPedia JVNDB-2007-000329

Update History

2011/10/21
NEC Corporation update status