OSVDB ID: 28109

Title: Sun Java Plugin and Web Start Version Specification Weakness

Dates

Disclosure: Aug 21, 2006
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

Sun Microsystems, Inc. Java Plug-in and Java Web Start contain a flaw that may allow a malicious user to bypass certain security restrictions. The issue is triggered when vulnerable versions of the Java Plug-in and Java Web Start are installed and a specially crafted applet specifies the vulnerable versions in which to run. The flaw may allow applets or applications to run with a specified version of the JRE that does not have the latest security fixes, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Misconfiguration
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to Java Plug-in 5.0 Update 6 or higher for Windows, and to Java Web Start 5.0 Update 6 or higher for Windows, Solaris, and Linux, as these releases have been reported to fix this vulnerability.

Products

Sun Microsystems, Inc.

J2SE

5.0 Update 5
1.4.X
1.3.1
1.3.0_02

Java Web Start

1.2
1.0.2
1.0.1
1.0

References

Credit

  • Sun Microsystems, Inc. - Sun Microsystems, Inc.


Direct URL: http://osvdb.org/28109