CVE-2004-1029

Java JRE <1.4.2.04 - RCE

Title source: llm

Description

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Jouko Pynnonen · textdosmultiple

https://www.exploit-db.com/exploits/24763

View Code ZIP pw:eip

References (15)

Core 15

Core References

Various Sources third-party-advisory x_refsource_idefense

http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities

Various Sources x_refsource_misc

http://jouko.iki.fi/adv/javaplugin.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html

Various Sources x_refsource_confirm

http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/13271

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/29035

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/61

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/12317

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0599

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/18188

Patch, Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/760344

Various Sources x_refsource_confirm

http://www-1.ibm.com/support/docview.wss?uid=swg21257249

Patch, Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1

Scores

EPSS 0.3703

EPSS Percentile 97.2%

Details

CWE

CWE-264

Status published

Products (25)

conectiva/linux 10.0

gentoo/linux

hp/hp-ux 11.00

hp/hp-ux 11.11

hp/hp-ux 11.22

hp/hp-ux 11.23

hp/java_sdk-rte 1.3

hp/java_sdk-rte 1.4

sun/jdk 1.3.1_01 (2 CPE variants)

sun/jdk 1.3.1_01a

... and 15 more

Published Mar 01, 2005

Tracked Since Feb 18, 2026