[Original text] Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities.
Sun Java JDK / JRE Disallowed Class Sandbox Bypass
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
Sun JDK (Java Development Kit) and JRE (Java Runtime Environment) contain a flaw that may allow a malicious user to access restricted resources. The issue is triggered when an untrusted Java class loads other, disallowed Java classes, which allows it to escape the Java sandbox and conduct unauthorized activities, resulting in a loss of confidentiality and integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Sun Microsystems has released a patch to address this vulnerability.