Java Web Start Argument Injection Vulnerability Affecting J2SE by Sun Microsystems
CVE-2005-0836

Currently unrated

Key Information:

Vendor: Oracle
Status: J2se
Vendor: CVE Published:; 2 May 2005

What is CVE-2005-0836?

An argument injection vulnerability exists in Java Web Start for J2SE 1.4.2 up to version 1.4.2_06, which allows untrusted applications to exploit the value parameter of a property tag within a JNLP file to gain elevated privileges. This flaw can lead to unauthorized execution of arbitrary code, posing a significant risk to systems running affected versions of Java Web Start. It is critical for users to secure their installations by applying recommended patches or updates to mitigate potential exploitation.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-77-...

vendor-advisoryx_refsource_SUNALERT

http://marc.info/?l=full-disclosure&m=111117284323657&w=2

mailing-listx_refsource_FULLDISC

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Mar 22, 2005

Oracle

What is CVE-2005-0836?

References

Timeline