VYPR
Unrated severity · NVD Advisory · Published Dec 31, 2003 · Updated Jun 16, 2026

CVE-2003-1123

Description

Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

62
  • Sun Corporation/Jdk (26 versions)
    • cpe:2.3:a:sun:jdk:1.2.2_10:*:linux:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.2.2_10:*:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.2.2_10:*:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.2.2_11:*:linux:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.2.2_11:*:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.2.2_11:*:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.2.2_12:*:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.2.2:*:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.3.0_02:*:linux:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.3.0_02:*:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.3.0_02:*:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.3.0_05:*:linux:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.3.0_05:*:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.3.0_05:*:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.3.1_01a:*:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.3.1_01:*:linux:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.3.1_01:*:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.3.1_03:*:linux:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.3.1_03:*:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.3.1_03:*:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.3.1_04:*:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.3:*:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.4.0_01:*:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.4:*:linux:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.4:*:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.4:*:windows:*:*:*:*:*
  • Sun Corporation/Jre (34 versions)
    • cpe:2.3:a:sun:jre:1.2.2_003:*:linux:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.2.2_011:*:linux:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.2.2_011:*:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.2.2_011:*:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.2.2_012:*:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.2.2:*:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.2.2:update10:linux:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.2.2:update10:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.2.2:update10:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.2.2:*:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.0:*:linux:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.0:*:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.0:update2:linux:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.0:update2:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.0:update2:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.0:update4:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.0:update5:linux:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.0:update5:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.0:update5:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.0:*:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.1_03:*:linux:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.1_03:*:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.1_03:*:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.1:*:linux:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.1:update1:linux:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.1:update1:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.1:update1:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.1:update4:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.3.1:update4:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.0_01:*:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.0_01:*:windows:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4:*:linux:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4:*:solaris:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4:*:windows:*:*:*:*:*
  • Range: <=1.4.0_01
  • Range: <=1.4.0_01

Patches

Vulnerability mechanics

Root cause

"The Java security model restrictions are bypassed, allowing untrusted applets to access information from trusted applets."

Attack vector

An attacker can deploy a malicious applet that exploits a vulnerability in the Sun Java Runtime Environment. This vulnerability allows the untrusted applet to access sensitive information that should be protected by the Java security model. The exploit leverages components of the Java Media Framework to read memory and retrieve environment variables [ref_id=1].

Affected code

The vulnerability lies within the Sun Java Runtime Environment and SDK, specifically affecting versions 1.4.0_01 and earlier. The exploit code provided targets the Java Media Framework, utilizing classes like `NBA` and `NBAFactory` to read memory and access environment variables [ref_id=1].

What the fix does

The advisory recommends upgrading to the latest versions of Sun SDK and JRE to remediate this vulnerability [ref_id=2]. The specific code changes in the patch are not detailed in the provided information.

Preconditions

  • input: The affected system must be running Sun JRE or SDK 1.4.0_01 or earlier.
  • network: The attacker must be able to serve a malicious applet to the target user.

Reproduction

The provided reference includes a Proof-Of-Concept applet that demonstrates reading environment variables via the Java Media Framework vulnerability [ref_id=1].

Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

6
