1.4.204

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

sun

CWE-16

NVD

Published: 2005-12-31

Updated: 2009-08-28

Summary

The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 <applet> redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

Vulnerable Configurations

Part	Description	Count
Application	Sun SUN Java Plug IN 1.4.2_03 SUN Java Plug IN 1.4.2_04	2

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

References

http://www.securityfocus.com/archive/1/391803