Arbitrary Code Execution Flaw in Sun Java Plugin for Java 2 Runtime Environment
CVE-2004-1029

Currently unrated

Key Information:

Vendor: Oracle
CVE Published: 1 March 2005

Summary

The Sun Java Plugin in the Java 2 Runtime Environment (JRE) versions 1.4.2_01, 1.4.2_04, and potentially earlier versions does not strictly control the interaction between JavaScript and Java applets during data transfer. Remote attackers can use the reflection API to access restricted Java packages, which may result in the execution of malicious code. Such vulnerabilities can lead to significant security risks, including unauthorized data manipulation and system compromise.

EPSS Score

35% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
