PT-2008-3603 · Oracle+1 · Jdk+4

Timothy D. Morgan · Published 2008-12-04 · Updated 2018-10-11 · CVE-2008-2086

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

JDK and JRE 6 versions 6 Update 10 and earlier
JDK and JRE 5.0 versions 5.0 Update 16 and earlier
SDK and JRE 1.4.2 versions 1.4.2 18 and earlier

Description

The issue allows remote attackers to execute arbitrary code via a crafted jnlp file that modifies the java.home, java.ext.dirs, or user.home System Properties. This is related to the "Java Web Start File Inclusion" issue.

Recommendations

For JDK and JRE 6 versions 6 Update 10 and earlier, update to a version later than 6 Update 10. For JDK and JRE 5.0 versions 5.0 Update 16 and earlier, update to a version later than 5.0 Update 16. For SDK and JRE 1.4.2 versions 1.4.2 18 and earlier, update to a version later than 1.4.2 18. As a temporary workaround, consider restricting the use of crafted jnlp files that modify the java.home, java.ext.dirs, or user.home System Properties until a patch is available.
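A defender-side check for the workaround above, as an added example that is not part of the original advisory: it parses a JNLP descriptor and reports `<property>` elements that set java.home, java.ext.dirs or user.home. It assumes the properties are set through the standard JNLP `<property name="..." value="..."/>` element; the function name and both sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# System properties named in the CVE-2008-2086 description.
SENSITIVE_PROPERTIES = {"java.home", "java.ext.dirs", "user.home"}

# Constructed sample descriptors (placeholder host and path, not from the advisory).
SUSPICIOUS_JNLP = """<jnlp spec="1.0+" codebase="http://apps.example.invalid/" href="app.jnlp">
  <information><title>Sample</title><vendor>Example</vendor></information>
  <resources>
    <j2se version="1.5+"/>
    <jar href="app.jar"/>
    <property name="user.home" value="PLACEHOLDER_PATH"/>
    <property name="app.mode" value="demo"/>
  </resources>
  <application-desc main-class="Main"/>
</jnlp>"""

BENIGN_JNLP = SUSPICIOUS_JNLP.replace(
    '<property name="user.home" value="PLACEHOLDER_PATH"/>', "")


def find_sensitive_properties(jnlp_text):
    """Return (name, value) for each <property> that sets a sensitive key."""
    # Refuse DTDs outright: a launch descriptor does not need one, and the
    # standard-library parser would expand internal entities.
    if "<!DOCTYPE" in jnlp_text or "<!ENTITY" in jnlp_text:
        raise ValueError("DTD or entity declaration in JNLP input")
    root = ET.fromstring(jnlp_text)
    hits = []
    for elem in root.iter():
        # Compare on the local name so a namespaced descriptor is still checked.
        if elem.tag.rsplit("}", 1)[-1] != "property":
            continue
        name = (elem.get("name") or "").strip()
        if name in SENSITIVE_PROPERTIES:
            hits.append((name, elem.get("value", "")))
    return hits


if __name__ == "__main__":
    for label, doc in (("suspicious", SUSPICIOUS_JNLP), ("benign", BENIGN_JNLP)):
        hits = find_sensitive_properties(doc)
        print(label, "BLOCK" if hits else "ok", hits)
```

A check like this fits at a mail or web gateway or in a triage script for collected .jnlp files; it complements, and does not replace, updating to a fixed release.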

Exploit

Fix

RCE

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2008-2086
HPSBUX02411
RHSA-2008:1018
RHSA-2008:1025
RHSA-2009:0015
RHSA-2009:0016
RHSA-2009:0445
RHSA-2009:1662

Affected Products

Hp-Ux
Jdk
Jre
Java Platform
Sdk