Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2007-5239

Disclosure Date: October 06, 2007
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Vendors

  • sun

Products

  • jdk 1.5.0,
  • jdk 1.6.0,
  • jre 1.3.0,
  • jre 1.3.1,
  • jre 1.4,
  • jre 1.4.1,
  • jre 1.4.2,
  • jre 1.4.2 1,
  • jre 1.4.2 10,
  • jre 1.4.2 11,
  • jre 1.4.2 12,
  • jre 1.4.2 13,
  • jre 1.4.2 14,
  • jre 1.4.2 15,
  • jre 1.4.2 3,
  • jre 1.4.2 8,
  • jre 1.4.2 9,
  • jre 1.5.0,
  • jre 1.6.0,
  • sdk 1.3.1 01,
  • sdk 1.3.1 01a,
  • sdk 1.3.1 16,
  • sdk 1.3.1 18,
  • sdk 1.3.1 19,
  • sdk 1.3.1 20,
  • sdk 1.4.2,
  • sdk 1.4.2 03,
  • sdk 1.4.2 08,
  • sdk 1.4.2 09,
  • sdk 1.4.2 10,
  • sdk 1.4.2 11,
  • sdk 1.4.2 12,
  • sdk 1.4.2 13,
  • sdk 1.4.2 14,
  • sdk 1.4.2 15

References

Advisory

Additional Info

Technical Analysis