The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 101523 Security Vulnerability With Java Plug-in in JRE/SDK

Guest Author
Product: Java 2 Platform, Standard Edition 1.4.2, SunTea v3.55, Java 2 Platform, Standard Edition 1.4.1

A vulnerability in the Java Plug-in may allow an untrusted applet to escalate privileges, through JavaScript calling into Java code, including reading and writing files with the privileges of the user running the applet.

Sun acknowledges, with thanks, Jouko Pynnonen for bringing this issue to our attention, and iDEFENSE Inc. for coordinating the release of this issue.

This issue is described in the following document: CVE CAN-2004-1029 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1029.

Avoidance: Upgrade
State: Resolved
First released: 22-Nov-2004

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.