Bug 436302 (CVE-2008-1196)

Summary: CVE-2008-1196 Buffer overflow security vulnerabilities in Java Web Start
Product: [Other] Security Response Reporter: Marc Schoenefeld <mschoene>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: kreilly, x86isme
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-233327-1
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-22 16:29:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 436304, 436305, 439176, 439177, 444749, 451200, 451201, 451202, 455574, 455726, 529660, 529661    
Bug Blocks:    

Description Marc Schoenefeld 2008-03-06 13:09:05 UTC 
A buffer overflow vulnerability in Java Web Start may allow an untrusted Java
Web Start application that is downloaded from a website to elevate its
privileges. For example, an untrusted Java Web Start application may grant
itself permissions to read and write local files or execute local applications
that are accessible to the user running the untrusted application.