Bugtraq mailing list archives
Re: Sun Security Bulletin #00208
From: "Stanley G. Bubrouski" <stan () ccs neu edu>
Date: Wed, 24 Oct 2001 15:31:26 -0400 (EDT)
Jay, It's an assumption on my part, but there is a quick way to test. The problem was originally reported by a japaneese java group who has frequently in the past focused on MS Java Virtual Machien bugs. There is a test page for browsers that use the JDK to test for this bug found at: http://java-house.etl.go.jp/~takagi/java/security/mrj-clipboard/ The test page is Test.html in that directory and the source of the exploit is Test.java. Of course using this requires you to have a browser which uses the JRE included in the JDK or separate ones. Currently Opera, Mozilla, and Netscape 6 are the only browsers I can think of off the top of my head that use this. I suppose you can try downloading and running the applet via cli if you don't want to install a browser on the system to be sure... Regards, Stan -- Stan Bubrouski stan () ccs neu edu 23 Westmoreland Road, Hingham, MA 02043 Cell: (617) 835-3284 On Wed, 24 Oct 2001, Jay D. Dyson wrote:
-----BEGIN PGP SIGNED MESSAGE----- On Wed, 24 Oct 2001, Stanley G. Bubrouski wrote:It appears it affects all versions of JDK before 1.3.1x...I see. Have you made Sun aware of this? :) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: See http://www.treachery.net/~jdyson/ for current keys. iQCVAwUBO9a9nLlDRyqRQ2a9AQG0hwP+Ol3KQIfxVzzUcNW5N8whPJsAr0NVw2us RGd00E+BozRUkOeXGre1t3lEFa5xhrdjQFTIXkAwzteGn3dAimJsfUxVjspFOAZ4 ST2EoaiSvZ50ESgAnoWZQ50Z7fQTt5pef6M3s6UEZN6laYebnATlRI38GhPaleyR CPktPVEc4GQ= =M6B8 -----END PGP SIGNATURE-----
Current thread:
- Re: Sun Security Bulletin #00208 Jay Sekora (Oct 23)
- Re: Sun Security Bulletin #00208 Stanley G. Bubrouski (Oct 24)
- Re: Sun Security Bulletin #00208 Avery Buffington (Oct 24)
- <Possible follow-ups>
- Re: Sun Security Bulletin #00208 Stanley G. Bubrouski (Oct 24)