[Full-Disclosure] info on JRE < 1.4.2_04 vulnerability

Tue May 11 16:19:38 BST 2004

I am trying to find information on a vulnerability that I found at 
securityfocus.  Here is the URL for all the information...

http://www.securityfocus.com/bid/10301/info/
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57555

I am confused, being a semi-newbie, how this can be a vulnerability 
without an exploit.  Is it just that Sun does not want to admit that 
there is an exploit?  Does anyone have any more information on this that 
they can provide?

Thank you.