From http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1191: Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue."
This was corrected via: RHEL Supplementary version 5 (RHSA-2008:0267)