CERTA-2007-AVI-454
Vulnerability from certfr_avis - Published: 2007-10-24 - Updated: 2007-10-24
Une vulnérabilité touchant la machine virtuelle de Java Runtime Environment permettrait à une appliquette (applet) spécialement construite d'élever ses privilèges.
Description
Une vulnérabilité touchant la machine virtuelle de Java Runtime Environment permettrait à une appliquette (applet) spécialement construite d'élever ses privilèges. À titre d'exemple, une appliquette (applet) pourrait s'attribuer des permissions en lecture et en écriture sur des fichiers locaux ou exécuter des applications accessibles par l'utilisateur de l'appliquette (applet).
Solution
Se référer au bulletin de sécurité de Sun pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "JDK et JRE 6 avec la mise \u00e0 jour 2 et les versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "JDK et JRE 5 avec la mise \u00e0 jour 12 et les versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "SDK et JRE 1.4.2_15 et les versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "SDK et JRE 1.3.1_20 et les versions pr\u00e9c\u00e9dentes.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 touchant la machine virtuelle de Java Runtime\nEnvironment permettrait \u00e0 une appliquette (applet) sp\u00e9cialement\nconstruite d\u0027\u00e9lever ses privil\u00e8ges. \u00c0 titre d\u0027exemple, une appliquette\n(applet) pourrait s\u0027attribuer des permissions en lecture et en \u00e9criture\nsur des fichiers locaux ou ex\u00e9cuter des applications accessibles par\nl\u0027utilisateur de l\u0027appliquette (applet).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de Sun pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2007-10-24T00:00:00",
"last_revision_date": "2007-10-24T00:00:00",
"links": [],
"reference": "CERTA-2007-AVI-454",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-10-24T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 touchant la machine virtuelle de Java Runtime\nEnvironment permettrait \u00e0 une appliquette (\u003cspan\nclass=\"textit\"\u003eapplet\u003c/span\u003e) sp\u00e9cialement construite d\u0027\u00e9lever ses\nprivil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans la machine virtuelle Java",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sun 103112 du 22 octobre 2007",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103112-1"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…