| VID |
28106 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Sun Java Plug-in, according to its version number, has multiple vulnerabilities. Sun Microsystems Java Runtime Environment (JRE) and Software Development Kit (SDK) versions 1.4.2_05 and earlier, 1.4.1, 1.4.0, and 1.3.1_12 and earlier are vulnerable to two security issues:
- The first issue can allow an untrusted applet to escalate its privileges to access resources with the privilege level of the user running the applet.
- The second issue allows an untrusted applet to interfere with another applet embedded in the same web page.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, which results in a false negative for all vulnerable hosts.
* References:
  - http://sunsolve.sun.com/search/document.do?assetkey=1-26-57708-1
  - http://www.ciac.org/ciac/bulletins/p-105.shtml
* Platforms Affected:
  - SDK and JRE 1.4.2_05 and earlier, all 1.4.1 and 1.4.0 releases, and 1.3.1_12 and earlier
  - Microsoft Windows Any version
  - Sun Solaris Any version
  - Linux Any version |
| Recommendation |
Upgrade to the latest version of Sun JRE/SDK (1.4.2_06 or later, or 1.3.1_13 or later), as listed in Sun Alert Notification 57708 at http://sunsolve.sun.com/search/document.do?assetkey=1-26-57708-1 |
| Related URL |
CVE-2004-1029 (CVE) |
| Related URL |
12317 (SecurityFocus) |
| Related URL |
18975,18976 (ISS) |
|