A vulnerability in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

Sun acknowledges, with thanks, Adam Gowdiak, for bringing this issue to our attention.

This issue can occur in the following releases:

• Java 2 Platform, Standard Edition(J2SE) 5.0 and 5.0 Update 1 for Windows, Solaris and Linux
• J2SE 1.4.2_07 and earlier 1.4.2 releases for Windows, Solaris and Linux

Note: J2SE 1.3.1_xx releases for Windows, Solaris and Linux are not affected.

To determine the version of Java on a system, the following command can be run:

    % java -fullversion
    java full version "1.5.0_02-b09"

There are no reliable symptoms that would indicate the described issue has been exploited.

There is no workaround for this issue.

This issue is addressed in the following releases:

• Java 2 Platform, Standard Edition(J2SE) 5.0 Update 2 and later for Windows, Solaris, and Linux
• J2SE 1.4.2_08 and later for Windows, Solaris, and Linux

J2SE 5.0 and 1.4.2 are available for download at the following links:

5.0 at: http://java.sun.com/j2se/1.5.0/download.jsp and http://java.com

1.4.2 at: http://java.sun.com/j2se/1.4.2/download.html

Note: It is recommended that affected versions be removed from your system. For more information, please see the installation notes on the respective java.sun.com download pages.

This solution has no attachment