SecurityTracker.com
Category:   Application (Generic)  >   Oracle Java Plug-in
Vendors:   Sun
Java Plug-in May Let Remote Users Exploit Old Vulnerabilities
SecurityTracker Alert ID:  1016732
SecurityTracker URL:  http://securitytracker.com/id/1016732
CVE Reference:   CVE-2006-4302
Updated:  Jun 5 2008
Original Entry Date:  Aug 23 2006
Impact:   Modification of system information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): Java Plug-in as included with J2SE 5.0 Update 5 and earlier, 1.4.x, 1.3.1, and 1.3.0_02 and later
Description:   A vulnerability was reported in Java Plug-in. A remote user may be able to exploit old vulnerabilities that have since been patched.

A remote user can create a specially crafted applet or application that specifies a version of the Java Runtime Environment (JRE) on the target system that does not have the latest security fixes.

Impact:   A remote user can create an applet or application that, when loaded by the target user, can specify an earlier, unpatched version of JRE. This may allow the remote user to exploit ostensibly patched vulnerabilities in JRE.
Solution:   Sun has issued a fix (Java Plug-in 5.0 Update 6 and later for Windows). For Solaris and Linux, a workaround is described in the Sun advisory.

The Sun advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1

Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.
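
An added example, not part of the advisory or of Sun's fix: a Python inventory check that applies the Version(s) line above to the JRE version strings found on one host and lists the older runtimes left installed beside the newest one, which the description identifies as what a crafted applet can select. The function names and the sample inventory are hypothetical, and the mapping assumes the usual 1.x.y_zz version strings (J2SE 5.0 Update 5 written as 1.5.0_05).

```python
import re

# Version strings use the 1.x.y_zz form; J2SE 5.0 Update 5 is 1.5.0_05.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")

def parse_jre_version(text):
    """'1.5.0_05-b05' -> (1, 5, 0, 5); None when the string does not parse."""
    m = _VERSION.match(text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def in_affected_range(v):
    """Apply the advisory's Version(s) line to a parsed version tuple."""
    if v[:3] == (1, 5, 0):
        return v[3] <= 5          # J2SE 5.0 Update 5 and earlier
    if v[:2] == (1, 4) or v[:3] == (1, 3, 1):
        return True               # 1.4.x and 1.3.1
    if v[:3] == (1, 3, 0):
        return v[3] >= 2          # 1.3.0_02 and later
    return False

def audit_host(installed):
    """Summarise one host's JRE inventory (a list of version strings)."""
    parsed, unparsed = [], []
    for s in installed:
        v = parse_jre_version(s)
        (parsed if v else unparsed).append((v, s))
    parsed.sort()                 # oldest first
    newest = parsed[-1] if parsed else None
    return {
        "newest": newest[1] if newest else None,
        # Builds that fall inside the advisory's affected range.
        "affected": [s for v, s in parsed if in_affected_range(v)],
        # Older JREs left installed beside the newest one: the runtimes a
        # crafted applet could specify instead of the patched one.
        "stale": [s for v, s in parsed if newest and v < newest[0]],
        "unparsed": [s for _, s in unparsed],
    }

# Constructed inventory for illustration, not taken from the advisory.
SAMPLE = ["1.5.0_06", "1.4.2_08", "garbage", "1.3.1_15", "1.5.0_05-b05"]

if __name__ == "__main__":
    for key, value in audit_host(SAMPLE).items():
        print(f"{key}: {value}")
```

The range check reflects the Windows fix named in the Solution field; for Solaris and Linux the advisory describes a workaround rather than a fixed version, so the "stale" list is the more useful output there.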

