DescriptionMarc Schoenefeld
2007-10-07 12:09:50 UTC
Sun describes a flaw at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1
A vulnerability in the Java Runtime Environment may allow an untrusted Java Web
Start application or Java applet to move or copy arbitrary files on the system
that the application or applet runs on, by requesting the user of the
application or applet to drag a file from the application or applet window to a
desktop application that has permissions to accept and write files on the
system. To exploit this vulnerability, the application or applet has to
successfully persuade the user to drag and drop the file.