RULE(RULE ID:333101)

Rule General Information
Release Date: 2021-03-26
Rule Name: Sun Java Web Start JNLP File Argument Injection Vulnerability (CVE-2004-1029)
Severity:
CVE ID:
Rule Protection Details
Description: A vulnerability has been reported in the way Sun Java Web Start isolates Java applications from the host system. A Java Web Start configuration file (JNLP) can be crafted to inject command-line arguments into the vulnerable Web Start virtual machine application. An attacker can exploit this vulnerability to bypass security restrictions and perform privileged operations on a target system. After a successful attack, the target system will not exhibit any specific unusual behaviour. The Java security restrictions will be bypassed, leaving the system open to arbitrary code execution by the JNLP Java application. The behaviour of the attack target will depend entirely on the nature of the application. Successful exploitation may result in compromise of the target filesystem, which can facilitate further exploitation.
Impact: An attacker could exploit this vulnerability with unspecified effect.
Affected OS: Windows, Linux, Others
Reference: SecurityFocus BID: 12317
http://jouko.iki.fi/adv/javaplugin.html
http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
Solutions
Refer to the announcement or patch by the vendor: http://java.sun.com/j2se/1.4.2/download.html