Sun Java JRE Plug-in Capability Arbitrary Package Access
High Nessus Plugin ID 16226
Synopsis
The remote Windows host has an application that is affected by a security bypass vulnerability.
Description
The remote host is using a vulnerable version of Sun Java Runtime Plug-in, a web browser add-on used to display Java applets. Two security issues have been reported in the remote version of this product:
- An untrusted applet may escalate its privileges in order to read, write or execute files on the remote system.
- An untrusted applet may interfere with trusted applets loaded on the same page.
A remote attacker could exploit this by tricking a user into visiting a maliciously crafted web page.
Solution
Upgrade to JDK 1.3.1_13 / JRE 1.4.2_06 or later.