CVE-2005-0471
Description
Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Sun Java JRE 1.1.x-1.4.x creates predictable temporary filenames on 8.3 file systems, allowing remote attackers to write arbitrary files to known locations.
Vulnerability
The Sun Java JRE versions 1.1.x through 1.4.x include the Java Plugin, which creates temporary files with long filenames containing a random string (e.g., Sprocket.jar-76251372-2a771823.zip). On file systems that use 8.3 short names (such as FAT), the short name discards the random portion, resulting in predictable filenames like SPROCK~1.ZIP. This predictability allows an attacker to know the exact location where temporary files are written. [1]
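The truncation described above can be reproduced with a simplified model of 8.3 alias generation. This is an added example, not code from Sun or from the cited advisories; the function names, the second token, and the single `~1` index (no collision handling) are assumptions made for illustration.

```python
import re

# Characters outside this set are replaced with "_" in a short name
# (simplified; real file systems apply further rules).
_INVALID = re.compile(r"[^A-Z0-9!#$%&'()\-@^_`{}~]")

def short_name(long_name: str, index: int = 1) -> str:
    """Simplified 8.3 alias for a long filename (first alias only)."""
    base, dot, ext = long_name.rpartition(".")
    if not dot:                      # no extension at all
        base, ext = long_name, ""
    # Spaces and every dot except the last are dropped, then upper-cased.
    base = base.replace(".", "").replace(" ", "").upper()
    ext = ext.replace(" ", "").upper()
    base = _INVALID.sub("_", base)[:6]   # only six characters survive
    ext = _INVALID.sub("_", ext)[:3]
    alias = f"{base}~{index}"
    return f"{alias}.{ext}" if ext else alias

def audit(template: str, tokens: list[str]) -> dict:
    """Report whether different random tokens still yield one alias."""
    aliases = {short_name(template.format(token=t)) for t in tokens}
    return {"aliases": sorted(aliases), "predictable": len(aliases) == 1}

# First token is from the example filename above; the second is constructed.
TOKENS = ["76251372-2a771823", "11111111-aaaaaaaa"]

if __name__ == "__main__":
    # Random token placed after a fixed prefix: it is truncated away.
    print(audit("Sprocket.jar-{token}.zip", TOKENS))
    # Hypothetical layout with the token first: part of it survives.
    print(audit("{token}-Sprocket.jar.zip", TOKENS))
```

Running the audit over a temporary-file naming scheme shows whether its random component falls inside the six characters that an 8.3 alias keeps.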
Exploitation
A remote attacker can host a malicious applet or web page that triggers the Java Plugin to create temporary files. When a user visits the page and the applet runs, the temporary file is created with a predictable short name. The attacker can then write arbitrary content to that known location without authentication. The attacker may use this capability in conjunction with another unrelated exploit to achieve further compromise. [1]
Impact
The attacker gains the ability to write arbitrary file content to a known location on the user's system. While this flaw alone may not pose a large security risk, it can be leveraged as a stepping stone for other attacks, such as privilege escalation or arbitrary code execution, by placing malicious data in a predictable path. [1]
Mitigation
At the time of publication, no official patch was available. As a workaround, the Sun Java Plugin can be configured to use a nonstandard location for temporary files via the Java Control Panel (select the "Settings" button in the "..." section). The CERT/CC was unaware of a practical solution. [1]
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:sun:jdk:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*
- Range: >=1.1, <=1.4
Patches
No patches discovered yet.
References
- secunia.com/advisories/11070/ (nvd, Vendor Advisory)
- www.kb.cert.org/vuls/id/544392 (nvd, Third Party Advisory, US Government Resource)
- secunia.com/secunia_research/2004-7/advisory/ (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/19285 (nvd)