CVE-2007-5240

Severity

50%

Complexity

99%

Confidentiality

48%

Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.

Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).

Overview

First reported 17 years ago

2007-10-06 00:17:00

Last updated 6 years ago

2018-10-30 16:26:00

Affected Software

Sun JDK 5.0 Update1

1.5.0

Sun JDK 5.0 Update10

1.5.0

Sun JDK 5.0 Update11

1.5.0

Sun JDK 5.0 Update12

1.5.0

Sun JDK 5.0 Update2

1.5.0

Sun JDK 5.0 Update3

1.5.0

Sun JDK 5.0 Update4

1.5.0

Sun JDK 5.0 Update5

1.5.0

Sun JDK 5.0 Update7

1.5.0

Sun JDK 5.0 Update8

1.5.0

Sun JDK 5.0 Update9

1.5.0

Sun JDK 6 Update 1

1.6.0

Sun JDK 6 Update 2

1.6.0

Sun J2RE 1.3.0

1.3.0

Sun J2RE 1.3.0_05

1.3.0

Sun JRE 1.3.1_01

1.3.1

Sun JRE 1.3.1_16

1.3.1

Sun JRE 1.3.1_18

1.3.1

Sun JRE 1.3.1_19

1.3.1

Sun JRE 1.3.1_01a

1.3.1

Sun JRE 1.3.1_20

1.3.1

JRE 1.4.1_03

1.4.1

Sun JRE 1.4.2

1.4.2

Sun JRE 1.4.2_1

1.4.2_1

Sun JRE 1.4.2_3

1.4.2_3

Sun JRE 1.4.2_8

1.4.2_8

Sun JRE 1.4.2_9

1.4.2_9

Sun JRE 1.4.2_10

1.4.2_10

Sun JRE 1.4.2_11

1.4.2_11

Sun JRE 1.4.2_12

1.4.2_12

Sun JRE 1.4.2_13

1.4.2_13

Sun JRE 1.4.2_14

1.4.2_14

Sun JRE 1.4.2_15

1.4.2_15

Sun JRE 1.5.0_1 (JRE 5.0 Update 1)

1.5.0

Sun JRE 1.5.0_10 (JRE 5.0 Update 10)

1.5.0

Sun JRE 1.5.0_11 (JRE 5.0 Update 11)

1.5.0

Sun JRE 1.5.0_12 (JRE 5.0 Update 12)

1.5.0

Sun JRE 1.5.0_2 (JRE 5.0 Update 2)

1.5.0

Sun JRE 1.5.0_3 (JRE 5.0 Update 3)

1.5.0

Sun JRE 1.5.0_4 (JRE 5.0 Update 4)

1.5.0

Sun JRE 1.5.0_5 (JRE 5.0 Update 5)

1.5.0

Sun JRE 1.5.0_6 (JRE 5.0 Update 6)

1.5.0

Sun JRE 1.5.0_7 (JRE 5.0 Update 7)

1.5.0

Sun JRE 1.5.0_8 (JRE 5.0 Update 8)

1.5.0

Sun JRE 1.5.0_9 (JRE 5.0 Update 9)

1.5.0

Sun JRE 1.6.0 Update 1

1.6.0

Sun JRE 1.6.0 Update 2

1.6.0

Sun SDK 1.3.1_01

1.3.1_01

Sun SDK 1.3.1_01a

1.3.1_01a

Sun SDK 1.3.1_16

1.3.1_16

Sun SDK 1.3.1_18

1.3.1_18

Sun SDK 1.3.1_19

1.3.1_19

Sun SDK 1.3.1_20

1.3.1_20

SDK 1.4.2

1.4.2

SDK 1.4.2_03

1.4.2_03

Sun SDK 1.4.2_08

1.4.2_08

Sun SDK 1.4.2_09

1.4.2_09

Sun SDK 1.4.2_10

1.4.2_10

Sun SDK 1.4.2_11

1.4.2_11

Sun SDK 1.4.2_12

1.4.2_12

Sun SDK 1.4.2_13

1.4.2_13

Sun SDK 1.4.2_14

1.4.2_14

Sun SDK 1.4.2_15

1.4.2_15

References

BEA08-198.00

http://download.novell.com/Download?buildid=q5exhSqeBjA~

HPSBUX02284

SUSE-SA:2008:025

27206

27261

27693

27716

27804

28777

28880

29042

29214

29340

29858

29897

30676

30780

31580

31586

GLSA-200804-28

103071

Patch

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html

http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html

GLSA-200804-20

GLSA-200806-11

SUSE-SA:2007:055

RHSA-2007:0963

RHSA-2007:1041

RHSA-2008:0100

RHSA-2008:0132

RHSA-2008:0156

20071029 FLEA-2007-0061-1 sun-jre sun-jdk

25918

1018769

http://www.vmware.com/security/advisories/VMSA-2008-0010.html

ADV-2007-3895

ADV-2008-0609

ADV-2008-1856

sun-javawarning-weak-security(36942)

oval:org.mitre.oval:def:10783

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.