CVE-2008-4910: Java Web Start Arbitrary File Execution via file URL

Severity: Critical

CVSS Score: 10

The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method.