VID 28201
Severity 30
Port 139,445
Protocol TCP
Class SMB
Detailed Description The Windows host has a version of Sun Java JRE that is affected by a file overwrite vulnerability in Java Web Start. Java Web Start in JDK and JRE 5.0 Update 11 and Java Web Start in SDK and JRE 1.4.2_13 and earlier versions could allow a remote attacker to perform unauthorized actions via an application that grants file overwrite privileges to itself. By convincing a user to view a specially crafted applet, a remote attacker could overwrite arbitrary files, including the java.policy file, to invoke applets or Java Web Start applications and execute arbitrary code on the system with the privileges of the user. If the user is logged in with administrative privileges, the attacker could take complete control of a vulnerable system.

* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.

* References:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102957-1
http://archives.neohapsis.com/archives/bugtraq/2007-07/0013.html
http://www.frsirt.com/english/advisories/2007/2384
http://www.securitytracker.com/id?1018328
http://secunia.com/advisories/25823

* Platforms Affected:
Sun Microsystems, Sun Java 2 Platform (J2SE) 5 Update 11 and earlier
Sun Microsystems, Sun Java 2 Platform (J2SE) 1.4.2_13 and earlier
Sun Microsystems, Solaris 7, 8, 9
Microsoft Windows Any version
Recommendation Update to Java Web Start in JDK and JRE 5.0 Update 12 or later, or Java Web Start in SDK and JRE 1.4.2_14 or later, available from the following Sun Microsystems, Inc. Web sites:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102957-1
http://java.sun.com/j2se/1.5.0/download.jsp
http://java.sun.com/j2se/1.4.2/download.html

-- AND --

When upgrading a Java installation on a computer, uninstall all previous versions so that they cannot be used to run a malicious applet that exploits latent vulnerabilities that may exist in those older versions.

It is also possible to work around this issue by disabling Java support in the Web browser or in any other application that provides an environment for executing Java applets.
Related URL CVE-2007-3504 (CVE)
Related URL 24695 (SecurityFocus)
Related URL 35169 (ISS)