|
Note: This is an archival copy of Security Sun Alert 201660 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001237.1. |
Category Security Release Phase Resolved Java 2 Platform, Standard Edition 1.4.2 Java 2 Platform, Standard Edition 1.4.1 Bug Id 5045568 Date of Resolved Release 22-NOV-2004 Impact A vulnerability in the Java Plug-in may allow an untrusted applet to escalate privileges, through JavaScript calling into Java code, including reading and writing files with the privileges of the user running the applet. Sun acknowledges, with thanks, Jouko Pynnonen for bringing this issue to our attention, and iDEFENSE Inc. for coordinating the release of this issue. This issue is described in the following document: CVE CAN-2004-1029 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1029. Contributing Factors This issue can occur in the following releases:
on the following platforms:
Note: JDK and JRE 5.0 are not affected by this issue. To determine the version of Java on a system, the following command can be run: % java -fullversion java full version "1.4.1_06-b01" Symptoms There are no reliable symptoms that would indicate the described issue has been exploited. Workaround Javascript may be disabled as a temporary workaround. Resolution This issue is addressed in the following releases:
for the following platforms:
J2SE releases are available for download at http://java.sun.com/j2se/, at the following links:
Note: It is recommended that affected versions be removed from your system. For more information, please see the installation notes on the respective java.sun.com download pages. Modification History Date: 06-JAN-2005
Date: 01-DEC-2004
Attachments This solution has no attachment | |||||||||||||||
|
|