Remote Code Execution Vulnerability in Sun Java Virtual Machine
CVE-2007-5375

Currently unrated

Key Information:

Vendor: Oracle
Status: Java Virtual Machine
Vendor: CVE Published:; 11 October 2007

What is CVE-2007-5375?

A vulnerability exists in the Sun Java Virtual Machine due to an interpretation conflict that allows user-assisted remote attackers to exploit a DNS rebinding attack. This can occur when an intranet web server serves an HTML document referencing a Java applet with the 'mayscript=true' parameter through a local relative URI. This misconfiguration can lead to the execution of arbitrary JavaScript in the context of the intranet, potentially compromising sensitive data and application integrity.

References

http://crypto.stanford.edu/dns/dns-rebinding.pdf

x_refsource_MISC

http://osvdb.org/40930

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2007
Vulnerability Reserved
Oct 10, 2007

Oracle

What is CVE-2007-5375?

References

Timeline