Hole in Sun's Java Web Start compromises Windows PCs
Sun has reported a critical vulnerability in Java Web Start under Windows. A specially crafted Java Web Start application or applet can obtain write access to arbitrary files and directories to which the logged-on user has write permission. According to Sun, such an application can use this to rewrite the user's .java.policy file, the per-user security policy that the Java runtime reads at startup, and thereby grant subsequent Java applications and applets higher privileges, compromising the system. Visiting a manipulated web site may be enough to fall victim to the attack.
Affected products are Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier. Updating to JDK and JRE 5.0 Update 12 or to SDK and JRE 1.4.2_14 fixes the problem. Since installing a new JRE on Windows leaves older versions in place alongside it, Sun itself recommends uninstalling the previous versions where possible rather than merely adding the new one, and provides uninstallation instructions to help Windows users do so.
Java Web Start in JDK and JRE 6 is not vulnerable, nor are the Solaris and Linux versions of Java Web Start. The vendor has not published details of where the bug resides. NGSSoftware, the security company that discovered the flaw, publishes its detailed reports only three months after an update has been released.
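Two checks a Windows administrator would want after reading the paragraphs above: whether an installed JRE falls inside the affected ranges, and whether the per-user .java.policy file already carries the kind of grant the advisory warns about. The following Python script is an added example written for this page, not code from Sun, NGSSoftware or the advisory. It assumes the version strings that `java -version` prints (5.0 Update 12 is reported as 1.5.0_12, and 1.4.2_14 as itself), the standard policy-file syntax (`grant [codeBase "..."] { permission <class> ["target"] [, "actions"]; };`), and the per-user policy location `${user.home}/.java.policy`, which on Windows is `%USERPROFILE%\.java.policy`. The tampered policy it scans is constructed for the example.

```python
import os
import re

# Fix levels named in the advisory, keyed by release line as Java reports it.
# 5.0 Update 12 appears as 1.5.0_12; the 1.4.2 line is fixed at 1.4.2_14.
FIXED_UPDATE = {(1, 5, 0): 12, (1, 4, 2): 14}
# The advisory states that JDK/JRE 6 is not vulnerable.
NOT_VULNERABLE_FROM = (1, 6, 0)


def parse_java_version(text):
    """Parse '1.5.0_11' or a `java -version` line ('java version "1.5.0_11"')
    into ((1, 5, 0), 11). A missing update number is treated as update 0."""
    m = re.search(r'(\d+)\.(\d+)\.(\d+)(?:_(\d+))?', text)
    if not m:
        raise ValueError("unrecognised Java version string: %r" % text)
    base = tuple(int(x) for x in m.group(1, 2, 3))
    update = int(m.group(4)) if m.group(4) else 0
    return base, update


def is_affected(text):
    """True if the version lies in an affected range from the advisory, False if
    it is at or above the fix level or on the 6.0 line, and None for release
    lines the advisory does not mention (for example 1.4.1)."""
    base, update = parse_java_version(text)
    if base >= NOT_VULNERABLE_FROM:
        return False
    if base in FIXED_UPDATE:
        return update < FIXED_UPDATE[base]
    return None


# One grant block: optional header (may contain quoted strings with braces,
# e.g. "${java.home}"), then the permission list, then "};".
GRANT_RE = re.compile(r'grant\b((?:[^{"]|"[^"]*")*)\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(
    r'permission\s+([\w.]+)'             # permission class
    r'(?:\s+"((?:[^"\\]|\\.)*)")?'       # optional target name
    r'(?:\s*,\s*"((?:[^"\\]|\\.)*)")?'   # optional action list
    r'\s*;')


def strip_comments(text):
    """Remove /* */ comments and // comments that start a line or follow
    whitespace, so that "http://..." inside a codeBase string survives."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(^|\s)//[^\n]*', r'\1', text, flags=re.M)


def risky_grants(policy_text):
    """Return (codeBase, permission class, target, actions) for every grant that
    hands out full privileges: java.security.AllPermission, or a FilePermission
    with write access on <<ALL FILES>> or a recursive ('-') path."""
    findings = []
    for grant in GRANT_RE.finditer(strip_comments(policy_text)):
        header, body = grant.group(1), grant.group(2)
        cb = re.search(r'codeBase\s+"([^"]*)"', header)
        codebase = cb.group(1) if cb else '<any code>'
        for perm in PERM_RE.finditer(body):
            cls = perm.group(1)
            target = perm.group(2) or ''
            actions = perm.group(3) or ''
            if cls == 'java.security.AllPermission':
                findings.append((codebase, cls, target, actions))
            elif (cls == 'java.io.FilePermission' and 'write' in actions
                  and (target == '<<ALL FILES>>' or target.endswith('-'))):
                findings.append((codebase, cls, target, actions))
    return findings


def user_policy_path():
    # ${user.home}/.java.policy; on Windows user.home is the profile directory.
    return os.path.join(os.path.expanduser('~'), '.java.policy')


# Constructed sample of a tampered per-user policy (not taken from the advisory).
SAMPLE_POLICY = r'''
// constructed: grants an attacker would want in the user's .java.policy
grant {
    permission java.security.AllPermission;
};
grant codeBase "file:${java.home}/lib/ext/-" {
    permission java.io.FilePermission "<<ALL FILES>>", "read,write";
};
grant codeBase "http://example.test/app/-" {
    permission java.util.PropertyPermission "user.home", "read";
};
'''

if __name__ == '__main__':
    for v in ('1.5.0_11', '1.5.0_12', '1.4.2_13', '1.6.0_01'):
        print(v, 'affected' if is_affected(v) else 'not affected')
    for hit in risky_grants(SAMPLE_POLICY):
        print('risky grant in sample:', hit)
    path = user_policy_path()
    if os.path.exists(path):
        with open(path) as f:
            for hit in risky_grants(f.read()):
                print('risky grant in', path, hit)
```

Run as is, the script classifies the four version strings and reports the two dangerous grants in the constructed sample (the codeBase-less AllPermission and the recursive write FilePermission); it then scans the real per-user policy file if one exists. A hit there is a reason to investigate, not proof of compromise: an administrator may have added the grant deliberately, so compare it against what the user or site policy is supposed to contain. Feeding the script the first line of `java -version` output for each installed JRE is the quick way to find leftover vulnerable copies that a newer install did not remove.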
- Security Vulnerability With Java Web Start May Allow Application to Escalate Privileges, Sun's alert notification