{"vuid":"VU#760344","idnumber":"760344","name":"Sun Java Plug-in fails to restrict access to private Java packages","keywords":["Sun","Java Plug-in","JavaScript","private classes","applet"],"overview":"There is a vulnerability in the Sun Java Plug-in that could allow a malicious Java applet to bypass restrictions for untrusted applets.","clean_desc":"The Java Plug-in is part of the Java 2 Runtime Environment (JRE) and establishes a framework for displaying Java applets within a web browser. There is a vulnerability in the Java Plug-in security framework that could allow a malicious applet to bypass restrictions for accessing private Java packages. Java's built-in security framework is designed to prevent access to private Java packages that are used internally by the Java Virtual Machine (JVM). When a Java applet attempts to access one of these packages, an AccessControlException will be thrown indicating that the requested access is denied. However, a flaw in the security framework fails to prevent such access to these private Java packages via JavaScript code.","impact":"By convincing a victim to download and run a malicious Java applet, an intruder could read, write, and modify files on the system with privileges of the victim. The reporter notes that some private Java packages contain classes that allow direct access to memory or provide methods that can modify private fields of Java objects. This could allow an intruder to disable the Java security manager.","resolution":"Upgrade\nSun has issued an advisory which addresses this issue. For more information on upgrades available for your system, please refer to Sun Security Alert 57591.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by \nJouko Pynnonen","author":"This document was written by Damon Morda.","public":["http://jouko.iki.fi/adv/javaplugin.html","http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=false","http://secunia.com/advisories/13271/","http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1","http://java.sun.com/products/plugin/index.jsp","http://java.sun.com/j2se/desktopjava/jre/index.jsp","http://java.sun.com/docs/books/tutorial/essential/system/securityIntro.html","http://java.sun.com/j2se/1.5.0/docs/api/java/security/AccessControlException.html","http://java.sun.com/docs/books/tutorial/reflect/"],"cveids":["CVE-2004-1029"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-11-23T16:46:46Z","publicdate":"2004-11-22T00:00:00Z","datefirstpublished":"2004-11-23T21:47:33Z","dateupdated":"2004-11-23T21:47:58Z","revision":25,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"2","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"12","cam_impact":"13","cam_easeofexploitation":"15","cam_attackeraccessrequired":"20","cam_scorecurrent":"17.55","cam_scorecurrentwidelyknown":"21.9375","cam_scorecurrentwidelyknownexploited":"39.4875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":17.55,"vulnote":null}