Description of problem: A buffer overflow vulnerability in the Java Web Start URL parsing code may allow an untrusted application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications with the privileges of the user running the Java Web Start application. [http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1] Version-Release number of selected component (if applicable): This issue can occur in the following releases (for Windows, Solaris, and Linux): * Java Web Start in JDK and JRE 5.0 Update 11 and earlier Therefore Affects: RHEL4-EXTRAS-U5
The list of fixed products with their respective errata is here: https://access.redhat.com/security/cve/CVE-2007-3655