Vulnerability Note VU#760344
Sun Java Plug-in fails to restrict access to private Java packages
There is a vulnerability in the Sun Java Plug-in that could allow a malicious Java applet to bypass restrictions for untrusted applets.
The Java Plug-in is part of the Java 2 Runtime Environment (JRE) and establishes a framework for displaying Java applets within a web browser. There is a vulnerability in the Java Plug-in security framework that could allow a malicious applet to bypass restrictions for accessing private Java packages.
By convincing a victim to download and run a malicious Java applet, an intruder could read, write, and modify files on the system with privileges of the victim.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Sun Microsystems Inc.||Affected||-||23 Nov 2004|
CVSS Metrics (Learn More)
This vulnerability was reported by Jouko Pynnonen.
This document was written by Damon Morda.
- CVE IDs: CAN-2004-1029
- Date Public: 22 Nov 2004
- Date First Published: 23 Nov 2004
- Date Last Updated: 23 Nov 2004
- Severity Metric: 17.55
- Document Revision: 19
If you have feedback, comments, or additional information about this vulnerability, please send us email.