|
Sun Java Plug-in Sandbox Security Bypass Vulnerability
|
|
Secunia Advisory:
|
SA13271
|
|
|
Release Date:
|
2004-11-23
|
|
Last Update:
|
2005-01-10
|
|
Popularity:
|
37,141 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Sun Java JRE 1.3.x
Sun Java JRE 1.4.x
Sun Java SDK 1.3.x
Sun Java SDK 1.4.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Jouko Pynnonen has reported a vulnerability in Sun Java Plug-in, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a design error, as JavaScript code can create and transfer objects to untrusted applets for some private and restricted classes used internally by the Java Virtual Machine (JVM).
This can e.g. be exploited by a malicious web site to turn off the Java security manager and disable the sandbox restrictions for untrusted applets.
The vulnerability has been reported in SDK / JRE version 1.4.2_05 and prior, all 1.4.1 and 1.4.0 versions, and version 1.3.1_12 and prior.
NOTE: Marc Schoenefeld has also reported a vulnerability in version 1.4.2_05 within the serialization APIs, which can be exploited to consume a large amount of CPU resources on a remote JVM.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
