PT-2004-2024 · Oracle · Java 2 Runtime Environment

Jouko Pynnonen · Published 2004-11-24 · Updated 2017-10-11 · CVE-2004-1029

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Java 2 Runtime Environment (JRE) versions 1.4.2_01 through 1.4.2_04 and possibly earlier versions

Description: The JRE does not properly restrict access between JavaScript and Java applets during data transfer. This allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

Recommendations: For Java 2 Runtime Environment (JRE) versions 1.4.2_01 through 1.4.2_04 and possibly earlier versions, consider disabling the use of the reflection API to access private Java packages as a temporary workaround until a patch is available. Restrict access between JavaScript and Java applets to minimize the risk of exploitation.

Related Identifiers

CVE-2004-1029

Affected Products

Java 2 Runtime Environment