What is the severity of CVE-2007-5239?

CVE-2007-5239 is rated as a medium severity vulnerability due to improper enforcement of access restrictions for untrusted applications and applets.

How do I fix CVE-2007-5239?

To fix CVE-2007-5239, upgrade to the latest version of the JDK or JRE that addresses this vulnerability.

What software is affected by CVE-2007-5239?

CVE-2007-5239 affects Sun JDK and JRE versions 6 Update 2 and earlier, 5.0 Update 12 and earlier, and various 1.4.2 and 1.3.1 versions.

What kind of attacks can exploit CVE-2007-5239?

CVE-2007-5239 allows user-assisted remote attackers to execute arbitrary code via malicious applets.

Is there a workaround for CVE-2007-5239?

There are no effective workarounds for CVE-2007-5239 other than applying the patch or upgrading the affected software.

Vulnerability/
CVE-2007-5239

medium

CWE

264

6/10/2007

7/8/2024

CVE-2007-5239

First published: Sat Oct 06 2007(Updated: )

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Java Development Kit (JDK)	=1.5.0-update1
Java Development Kit (JDK)	=1.5.0-update10
Java Development Kit (JDK)	=1.5.0-update11
Java Development Kit (JDK)	=1.5.0-update12
Java Development Kit (JDK)	=1.5.0-update2
Java Development Kit (JDK)	=1.5.0-update3
Java Development Kit (JDK)	=1.5.0-update4
Java Development Kit (JDK)	=1.5.0-update5
Java Development Kit (JDK)	=1.5.0-update7
Java Development Kit (JDK)	=1.5.0-update8
Java Development Kit (JDK)	=1.5.0-update9
Java Development Kit (JDK)	=1.6.0-update1
Java Development Kit (JDK)	=1.6.0-update2
Sun Java Runtime Environment (JRE)	=1.3.0
Sun Java Runtime Environment (JRE)	=1.3.0-update5
Sun Java Runtime Environment (JRE)	=1.3.1-update1
Sun Java Runtime Environment (JRE)	=1.3.1-update16
Sun Java Runtime Environment (JRE)	=1.3.1-update18
Sun Java Runtime Environment (JRE)	=1.3.1-update19
Sun Java Runtime Environment (JRE)	=1.3.1-update1a
Sun Java Runtime Environment (JRE)	=1.3.1-update20
Sun Java Runtime Environment (JRE)	=1.4
Sun Java Runtime Environment (JRE)	=1.4.1-update3
Sun Java Runtime Environment (JRE)	=1.4.2
Sun Java Runtime Environment (JRE)	=1.4.2_1
Sun Java Runtime Environment (JRE)	=1.4.2_3
Sun Java Runtime Environment (JRE)	=1.4.2_8
Sun Java Runtime Environment (JRE)	=1.4.2_9
Sun Java Runtime Environment (JRE)	=1.4.2_10
Sun Java Runtime Environment (JRE)	=1.4.2_11
Sun Java Runtime Environment (JRE)	=1.4.2_12
Sun Java Runtime Environment (JRE)	=1.4.2_13
Sun Java Runtime Environment (JRE)	=1.4.2_14
Sun Java Runtime Environment (JRE)	=1.4.2_15
Sun Java Runtime Environment (JRE)	=1.5.0-update1
Sun Java Runtime Environment (JRE)	=1.5.0-update10
Sun Java Runtime Environment (JRE)	=1.5.0-update11
Sun Java Runtime Environment (JRE)	=1.5.0-update12
Sun Java Runtime Environment (JRE)	=1.5.0-update2
Sun Java Runtime Environment (JRE)	=1.5.0-update3
Sun Java Runtime Environment (JRE)	=1.5.0-update4
Sun Java Runtime Environment (JRE)	=1.5.0-update5
Sun Java Runtime Environment (JRE)	=1.5.0-update6
Sun Java Runtime Environment (JRE)	=1.5.0-update7
Sun Java Runtime Environment (JRE)	=1.5.0-update8
Sun Java Runtime Environment (JRE)	=1.5.0-update9
Sun Java Runtime Environment (JRE)	=1.6.0-update_1
Sun Java Runtime Environment (JRE)	=1.6.0-update_2
Java Development Kit (JDK)	=1.3.1_01
Java Development Kit (JDK)	=1.3.1_01a
Java Development Kit (JDK)	=1.3.1_16
Java Development Kit (JDK)	=1.3.1_18
Java Development Kit (JDK)	=1.3.1_19
Java Development Kit (JDK)	=1.3.1_20
Java Development Kit (JDK)	=1.4.2
Java Development Kit (JDK)	=1.4.2_03
Java Development Kit (JDK)	=1.4.2_08
Java Development Kit (JDK)	=1.4.2_09
Java Development Kit (JDK)	=1.4.2_10
Java Development Kit (JDK)	=1.4.2_11
Java Development Kit (JDK)	=1.4.2_12
Java Development Kit (JDK)	=1.4.2_13
Java Development Kit (JDK)	=1.4.2_14
Java Development Kit (JDK)	=1.4.2_15

Remedy

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2007-5239?
CVE-2007-5239 is rated as a medium severity vulnerability due to improper enforcement of access restrictions for untrusted applications and applets.
How do I fix CVE-2007-5239?
To fix CVE-2007-5239, upgrade to the latest version of the JDK or JRE that addresses this vulnerability.
What software is affected by CVE-2007-5239?
CVE-2007-5239 affects Sun JDK and JRE versions 6 Update 2 and earlier, 5.0 Update 12 and earlier, and various 1.4.2 and 1.3.1 versions.
What kind of attacks can exploit CVE-2007-5239?
CVE-2007-5239 allows user-assisted remote attackers to execute arbitrary code via malicious applets.
Is there a workaround for CVE-2007-5239?
There are no effective workarounds for CVE-2007-5239 other than applying the patch or upgrading the affected software.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/severity
agent/weakness
agent/remedy
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/sun
canonical/java development kit (jdk)
version/java development kit (jdk)/1.5.0-update1
version/java development kit (jdk)/1.5.0-update10
version/java development kit (jdk)/1.5.0-update11
version/java development kit (jdk)/1.5.0-update12
version/java development kit (jdk)/1.5.0-update2
version/java development kit (jdk)/1.5.0-update3
version/java development kit (jdk)/1.5.0-update4
version/java development kit (jdk)/1.5.0-update5
version/java development kit (jdk)/1.5.0-update7
version/java development kit (jdk)/1.5.0-update8
version/java development kit (jdk)/1.5.0-update9
version/java development kit (jdk)/1.6.0-update1
version/java development kit (jdk)/1.6.0-update2
canonical/sun java runtime environment (jre)
version/sun java runtime environment (jre)/1.3.0
version/sun java runtime environment (jre)/1.3.0-update5
version/sun java runtime environment (jre)/1.3.1-update1
version/sun java runtime environment (jre)/1.3.1-update16
version/sun java runtime environment (jre)/1.3.1-update18
version/sun java runtime environment (jre)/1.3.1-update19
version/sun java runtime environment (jre)/1.3.1-update1a
version/sun java runtime environment (jre)/1.3.1-update20
version/sun java runtime environment (jre)/1.4
version/sun java runtime environment (jre)/1.4.1-update3
version/sun java runtime environment (jre)/1.4.2
version/sun java runtime environment (jre)/1.4.2_1
version/sun java runtime environment (jre)/1.4.2_3
version/sun java runtime environment (jre)/1.4.2_8
version/sun java runtime environment (jre)/1.4.2_9
version/sun java runtime environment (jre)/1.4.2_10
version/sun java runtime environment (jre)/1.4.2_11
version/sun java runtime environment (jre)/1.4.2_12
version/sun java runtime environment (jre)/1.4.2_13
version/sun java runtime environment (jre)/1.4.2_14
version/sun java runtime environment (jre)/1.4.2_15
version/sun java runtime environment (jre)/1.5.0-update1
version/sun java runtime environment (jre)/1.5.0-update10
version/sun java runtime environment (jre)/1.5.0-update11
version/sun java runtime environment (jre)/1.5.0-update12
version/sun java runtime environment (jre)/1.5.0-update2
version/sun java runtime environment (jre)/1.5.0-update3
version/sun java runtime environment (jre)/1.5.0-update4
version/sun java runtime environment (jre)/1.5.0-update5
version/sun java runtime environment (jre)/1.5.0-update6
version/sun java runtime environment (jre)/1.5.0-update7
version/sun java runtime environment (jre)/1.5.0-update8
version/sun java runtime environment (jre)/1.5.0-update9
version/sun java runtime environment (jre)/1.6.0-update_1
version/sun java runtime environment (jre)/1.6.0-update_2
version/java development kit (jdk)/1.3.1_01
version/java development kit (jdk)/1.3.1_01a
version/java development kit (jdk)/1.3.1_16
version/java development kit (jdk)/1.3.1_18
version/java development kit (jdk)/1.3.1_19
version/java development kit (jdk)/1.3.1_20
version/java development kit (jdk)/1.4.2
version/java development kit (jdk)/1.4.2_03
version/java development kit (jdk)/1.4.2_08
version/java development kit (jdk)/1.4.2_09
version/java development kit (jdk)/1.4.2_10
version/java development kit (jdk)/1.4.2_11
version/java development kit (jdk)/1.4.2_12
version/java development kit (jdk)/1.4.2_13
version/java development kit (jdk)/1.4.2_14
version/java development kit (jdk)/1.4.2_15