Strix
26.1K

CVE-2007-5239

UnknownEPSS 2.54%

Last modified

CVE-2007-5239 is a vulnerability of currently unknown severity. Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.. EPSS estimates a 2.54% chance of exploitation in the next 30 days.

Description

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.

Metrics

EPSS Probability
2.54%

83.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
SunJdk1.5.0Update1
SunJdk1.6.0Update1
SunJre1.3.0
SunJre1.3.1Update1
SunJre1.4
SunJre1.4.1Update3
SunJre1.4.2
SunJre1.4.2_1
SunJre1.4.2_3
SunJre1.4.2_8
SunJre1.4.2_9
SunJre1.4.2_10
SunJre1.4.2_11
SunJre1.4.2_12
SunJre1.4.2_13
SunJre1.4.2_14
SunJre1.4.2_15
SunJre1.5.0Update1
SunJre1.6.0Update 1
SunSdk1.3.1_01
SunSdk1.3.1_01a
SunSdk1.3.1_16
SunSdk1.3.1_18
SunSdk1.3.1_19
SunSdk1.3.1_20
SunSdk1.4.2
SunSdk1.4.2_03
SunSdk1.4.2_08
SunSdk1.4.2_09
SunSdk1.4.2_10
SunSdk1.4.2_11
SunSdk1.4.2_12
SunSdk1.4.2_13
SunSdk1.4.2_14
SunSdk1.4.2_15

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2007-5239?
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.
How severe is CVE-2007-5239?
Severity scoring for CVE-2007-5239 is pending analysis. The EPSS model estimates a 2.54% probability of exploitation in the next 30 days.
How do I fix CVE-2007-5239?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-5239?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST