Related information

Sun Java WebStart multiple security vulnerabilities

ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow

ZDI-08-042: Sun Java Web Start Sandbox Bypass Vulnerability

From:	varun.srivastav_(at)_gmail.com <varun.srivastav_(at)_gmail.com>
Date:	26.10.2008
Subject:	Java Web start vulnerability

Hi,
There is vulnerability in Java Web Start. Already there is some vulnerability posted  for persistenceservice service of
java web start. But in Basicservice also we can run any file on the client using showDocument method. Just give the URL of
file on client computer. If the browser has software attached to run that filetype it will be run automatically without
user knowledge.
Regards
Varun Srivastava