Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
Sun Java Web Start and Java Plug-in are prone to a privilege-escalation vulnerability.
This issue occurs when the affected applications parse a JAR file that is also a legitimate GIF image file.
An attacker may exploit this issue to obtain sensitive information (such as HTTP session cookies) or to perform actions as legitimate users of a web application. This may aid in further attacks.
NOTE: This issue was previously covered in BID 32620 (Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities), but has been given its own record to better document the issue.
The following versions are affected:
JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier
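
A defensive check for the kind of file described above, added here as an example and not part of the original advisory: it flags content that starts with a GIF signature and also carries a ZIP/JAR directory structure at its end, which an upload filter for image files can reject. The function names and the sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")
EOCD_SIG = b"PK\x05\x06"   # ZIP end-of-central-directory (EOCD) record
CDIR_SIG = b"PK\x01\x02"   # ZIP central-directory file header
EOCD_MIN = 22              # EOCD size with an empty archive comment


def find_zip_eocd(data: bytes) -> int:
    """Return the offset of a plausible EOCD record, or -1 if none is found."""
    # The EOCD sits at the end of the file, followed only by a comment (max 65535 bytes).
    # ZIP64 archives (size fields set to 0xFFFFFFFF) are not handled here.
    start = max(0, len(data) - EOCD_MIN - 0xFFFF)
    pos = data.rfind(EOCD_SIG, start)
    while pos != -1:
        if pos + EOCD_MIN <= len(data):
            cd_size, _cd_offset, comment_len = struct.unpack_from("<IIH", data, pos + 12)
            cd_start = pos - cd_size  # tolerant of prepended data, as many archive readers are
            if (pos + EOCD_MIN + comment_len <= len(data) and cd_start >= 0
                    and data.startswith(CDIR_SIG, cd_start)):
                return pos
        pos = data.rfind(EOCD_SIG, start, pos)  # try an earlier signature match
    return -1


def classify_upload(data: bytes) -> str:
    """Classify content by GIF signature at the start and ZIP structure at the end."""
    is_gif = data[:6] in GIF_MAGICS
    has_zip = find_zip_eocd(data) != -1
    if is_gif and has_zip:
        return "gif+zip polyglot"
    return "gif" if is_gif else "zip" if has_zip else "other"


def constructed_samples() -> dict:
    """Constructed test inputs: a minimal GIF and an archive holding only a manifest."""
    gif = b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00" + b";"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n")
    jar = buf.getvalue()
    stray = gif[:-1] + EOCD_SIG + b"\x00" * 18 + b";"  # signature bytes, no real archive
    return {"gif": gif, "jar": jar, "both": gif + jar, "stray": stray}


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(f"{name:6} -> {classify_upload(blob)}")
```

The check looks at both ends of the file because image formats are identified from their first bytes while ZIP-based formats are located from their last bytes, so a signature check on the header alone accepts such a file as an image.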