Sun Alert 102957 Security Vulnerability With Java Web Start May Allow Application to Escalate Privileges
By security on Jun 28, 2007
A vulnerability in Java Web Start may allow an untrusted application to grant itself permissions to overwrite any file that is writable by the user running the application. This includes the user's .java.policy file; overwriting it would allow the application to invoke applets or Java Web Start applications that can execute arbitrary code with the permissions of the user running the untrusted application.
Sun acknowledges, with thanks, John Heasman of NGSSoftware Limited, for bringing this issue to our attention.
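A defensive check for the .java.policy overwrite described above, added here as an example and not part of Sun's advisory: it scans the text of a policy file for grants of java.security.AllPermission or write access to all files, the kind of broad grant that lets code run with the user's full permissions. The function names and the sample policy are constructed for illustration, and the parser assumes no braces inside quoted strings.

```python
import re

# Match quoted strings first so "//" inside a codeBase URL is not treated as a comment.
_TOKEN = re.compile(r'"[^"]*"|//[^\n]*|/\*.*?\*/', re.S)
_GRANT = re.compile(r'\bgrant\b([^{]*)\{(.*?)\}\s*;', re.S | re.I)
_PERM = re.compile(r'\bpermission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?', re.I)
_ATTR = re.compile(r'\b(codeBase|signedBy|principal)\b', re.I)

def strip_comments(text):
    """Blank out // and /* */ comments while leaving quoted strings intact."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0).startswith('"') else ' ', text)

def is_dangerous(cls, target, actions):
    """True for AllPermission, or FilePermission on all files that includes write."""
    if cls == 'java.security.AllPermission':
        return True
    if cls == 'java.io.FilePermission' and target == '<<ALL FILES>>':
        return 'write' in (actions or '').lower()
    return False

def audit_policy(text):
    """Return (scope, permission class) pairs for risky grants.
    scope is 'ALL CODE' when the grant names no codeBase, signedBy or principal."""
    findings = []
    for header, body in _GRANT.findall(strip_comments(text)):
        scope = ' '.join(header.split()) if _ATTR.search(header) else 'ALL CODE'
        for cls, target, actions in _PERM.findall(body):
            if is_dangerous(cls, target, actions):
                findings.append((scope, cls))
    return findings

# Constructed sample policy text (not taken from any real system).
SAMPLE = '''
// permission java.security.AllPermission;  (commented out, must be ignored)
grant codeBase "http://intranet.example/apps/-" {
    permission java.util.PropertyPermission "user.home", "read";
};
grant {
    permission java.security.AllPermission;
};
grant signedBy "vendor" {
    permission java.io.FilePermission "<<ALL FILES>>", "read,write";
};
'''

if __name__ == '__main__':
    for scope, perm in audit_policy(SAMPLE):
        print(f'{scope}: {perm}')
```

Run it against the contents of the user's .java.policy file; any 'ALL CODE' finding applies to every applet and Java Web Start application that user launches.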