Arbitrary Code Execution Flaw in Sun Java Plugin for Java 2 Runtime Environment
CVE-2004-1029

Currently unrated

Key Information:

Vendor: Oracle
Status: Jre; Enterprise Firewall; Jdk; Java Sdk-rte
Vendor: CVE Published:; 1 March 2005

Summary

The Sun Java Plugin in the Java 2 Runtime Environment (JRE) versions 1.4.2_01, 1.4.2_04, and potentially earlier iterations, has a security gap that fails to strictly control the interaction between Javascript and Java applets during data transfer. This oversight enables remote attackers to exploit the reflection API to access restricted Java packages, which may result in the execution of malicious code. Such vulnerabilities can lead to significant security risks, including unauthorized data manipulation and system compromises.

References

http://www.idefense.com/application/poi/display?id=158&ty...

third-party-advisoryx_refsource_IDEFENSE

http://jouko.iki.fi/adv/javaplugin.html

x_refsource_MISC

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

35% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 1, 2005
Vulnerability Reserved
Nov 12, 2004