Unrated severityNVD Advisory· Published Jun 30, 2007· Updated Jun 16, 2026
CVE-2007-3504
CVE-2007-3504
Description
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file.
Affected products
5cpe:2.3:a:sun:jre:*:update11:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sun:jre:*:update11:*:*:*:*:*:*range: <=1.5.0
- cpe:2.3:a:sun:jre:*:update13:*:*:*:*:*:*range: <=1.4.2
- Range: <= 5.0 Update 11, <= 1.4.2_13
Patches
Vulnerability mechanics
References
12- sunsolve.sun.com/search/document.donvdPatch
- secunia.com/advisories/25823nvdVendor Advisory
- secunia.com/advisories/28115nvdVendor Advisory
- www.vupen.com/english/advisories/2007/2384nvdVendor Advisory
- www.vupen.com/english/advisories/2007/4224nvdVendor Advisory
- docs.info.apple.com/article.htmlnvd
- lists.apple.com/archives/Security-announce/2007/Dec/msg00001.htmlnvd
- osvdb.org/37755nvd
- www.securityfocus.com/archive/1/472673/100/0/threadednvd
- www.securityfocus.com/bid/24695nvd
- www.securitytracker.com/idnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/35169nvd
News mentions
0No linked articles in our index yet.