Arbitrary Code Execution in Sun Java 2 Platform, Standard Edition (J2SE) 1.4.2_01 and 1.4.2_04

Reported November 23, 2004, by iDEFENSE

VERSIONS AFFECTED

· Java 2 Platform, Standard Edition (J2SE) 1.4.2_01 and 1.4.2_04 from Sun Microsystems

DESCRIPTION
A vulnerability exists in Sun Java 2 Platform, Standard Edition (J2SE) 1.4.2_01 and 1.4.2_04 that could result in the remote execution of arbitrary code on the vulnerable system. The problem exists within the access controls of the Java to JavaScript data exchange in Web browsers using Sun's Java Plug-in technology. This vulnerability lets JavaScript code load an unsafe class, which isn't normally possible from a Java applet.

VENDOR RESPONSE
Sun Microsystems has released J2SE 1.4.2_06 to address this vulnerability.

CREDIT
Discovered by iDEFENSE.
