More Information on Java Exploit

I've come across some additional information on the java exploit story.

First, SANS Incident Storm Center and CERT have issued alerts:

• CERTs warn about old java bug being exploited
• Malicious Website Exploiting Sun Java Reflection API Vulnerability

Next I found Jouko Pynnönen who found the original bug and his advisory.

Also a news story on silicon.com from November 24, 2004 discussing the potential impact of the vulnerability.