Sun's Java Web Start is a platform for deploying Java applications through the web. Web Start is implemented in Java, and is thus available for most major platforms, including Microsoft Windows and Linux. Java applications deployed through Web Start may be described by a Java Network Launching Protocol (JNLP) file, an XML document that describes the application and provides references to additional resources such as image files. Image files referenced in a JNLP file are stored in a predictable location. An attacker may create a malicious JNLP file that will place arbitrary files in a known location. A URL that references the placed file may then cause malicious content or code to be executed within the local context.
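The following added example (not part of the original advisory and not Sun's code) audits a JNLP file from the defender's side, reporting `<icon>` references that do not name an image file type or that are fetched from a host other than the codebase. The extension list, both heuristics and the sample JNLP document are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath
from urllib.parse import urljoin, urlparse

# Assumption: extensions accepted as plausible icon formats.
IMAGE_EXTENSIONS = {".gif", ".jpg", ".jpeg", ".png", ".ico"}

# Constructed sample, not taken from a real application.
SAMPLE_JNLP = """<jnlp spec="1.0+" codebase="http://apps.example.test/demo/" href="demo.jnlp">
  <information>
    <title>Demo</title>
    <vendor>Example</vendor>
    <icon href="images/logo.gif"/>
    <icon kind="splash" href="images/start.html"/>
    <icon href="http://other.example.test/payload"/>
  </information>
  <resources>
    <jar href="demo.jar"/>
  </resources>
</jnlp>"""


def audit_jnlp_icons(jnlp_text):
    """Return (resolved_url, reason) pairs for suspicious <icon> references."""
    # Refuse DTDs so entity expansion cannot be abused against the auditor.
    if "<!DOCTYPE" in jnlp_text or "<!ENTITY" in jnlp_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(jnlp_text)
    codebase = root.get("codebase", "")
    base_host = urlparse(codebase).netloc
    findings = []
    for icon in root.iter("icon"):
        href = icon.get("href")
        if not href:
            continue
        # Relative hrefs are resolved against the codebase attribute.
        url = urljoin(codebase, href)
        parsed = urlparse(url)
        ext = PurePosixPath(parsed.path).suffix.lower()
        if ext not in IMAGE_EXTENSIONS:
            findings.append((url, "icon href does not name an image file type"))
        if base_host and parsed.netloc != base_host:
            findings.append((url, "icon is fetched from a host other than the codebase"))
    return findings


if __name__ == "__main__":
    for url, reason in audit_jnlp_icons(SAMPLE_JNLP):
        print(f"{url}: {reason}")
```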