JRE < 1.4.2_02 vulnerability

[Dolphsec <dolphsec () dolphtech com>]

I am trying to find information on a vulnerability that I found at 
securityfocus.  Here is the URL for all the information...

http://www.securityfocus.com/bid/10301/info/
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57555

I am confused, being a semi-newbie, how this can be a vulnerability 
without an exploit.  Is it just that Sun does not want to admit that 
there is an exploit?  Does anyone have any more information on this that 
they can provide?

Thank you.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html