VID 28112
Severity 30
Port 139,445
Protocol TCP
Class SMB
Detailed Description The Sun JRE Java Plug-in, according to its version number, is affected by a privilege escalation vulnerability that an untrusted applet can trigger. Because of a vulnerability in the Java Runtime Environment, Sun Microsystems Java Runtime Environment (JRE) and Software Development Kit (SDK) versions 1.4.2_06 and earlier, and 1.5.0_01 and earlier, could allow remote, untrusted Java applications to gain elevated privileges. This allows them to read or write local files, or to execute arbitrary local applications. These actions are normally forbidden for untrusted applications running in the Java virtual machine.

* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a False Negative for all vulnerable hosts.

* References:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1

* Platforms Affected:
SDK and JRE 1.4.2_07 and earlier, and 1.5.0_01 and earlier
Microsoft Windows Any version
Sun Solaris Any version
Linux Any version
Recommendation Upgrade to the latest version of Sun JRE/SDK (1.4.2_08 or 1.5.0 Update 2 or later), as listed in Sun Alert Notification 101749 at http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1
Related URL CVE-2005-1973,CVE-2005-1974 (CVE)
Related URL 13945,13958 (SecurityFocus)
Related URL (ISS)