Arbitrary Code Execution Flaw in Sun Java Plugin for Java 2 Runtime Environment
CVE-2004-1029
Currently unrated
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 1 March 2005
Summary
The Sun Java Plugin in the Java 2 Runtime Environment (JRE) versions 1.4.2_01, 1.4.2_04, and potentially earlier iterations, has a security gap that fails to strictly control the interaction between Javascript and Java applets during data transfer. This oversight enables remote attackers to exploit the reflection API to access restricted Java packages, which may result in the execution of malicious code. Such vulnerabilities can lead to significant security risks, including unauthorized data manipulation and system compromises.
References
EPSS Score
35% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved