Arbitrary Code Execution in Sun Java 2 Platform, Standard Edition (J2SE) 1.4.2_01 and 1.4.2_04
Reported November 23, 2004, by
iDEFENSE
VERSIONS AFFECTED
|
·
Java 2 Platform, Standard Edition (J2SE)
1.4.2_01 and 1.4.2_04 from Sun Microsystems
|
DESCRIPTION
A vulnerability exists in Sun Java 2 Platform, Standard Edition (J2SE) 1.4.2_01
and 1.4.2_04 that could result in the remote execution
of arbitrary code on the vulnerable system. The problem exists within the
access controls of the Java to JavaScript data exchange in Web browsers using
Sun's Java Plug-in technology. This vulnerability lets JavaScript code load an
unsafe class, which isn't normally possible from a Java applet.
VENDOR RESPONSE
Sun Microsystems has released J2SE 1.4.2_06 to
address this vulnerability.
CREDIT
Discovered by iDEFENSE.
