Bug 321981 (CVE-2007-5239)

Summary: CVE-2007-5239 Untrusted Application or Applet May Move or Copy Arbitrary Files
Product: [Other] Security Response Reporter: Marc Schoenefeld <mschoene>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: kreilly
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-10 20:26:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 322011, 322021, 368071, 368081, 368091, 368111, 368121, 435710, 435711, 435899, 435900, 435901, 455573    
Bug Blocks:    

Description Marc Schoenefeld 2007-10-07 12:09:50 UTC 
Sun describes a flaw at: 

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1

A vulnerability in the Java Runtime Environment may allow an untrusted Java Web
Start application or Java applet to move or copy arbitrary files on the system
that the application or applet runs on, by requesting the user of the
application or applet to drag a file from the application or applet window to a
desktop application that has permissions to accept and write files on the
system. To exploit this vulnerability, the application or applet has to
successfully persuade the user to drag and drop the file.